The terms of the Target breach settlement with Visa have reportedly been settled upon.
Target will pay Visa card issuers as much as $67 million as a result of costs stemming from the retail giant’s massive data breach that hit at the end of 2013, The Wall Street Journal reported, citing sources said to be close to the matter.
The settlement comes after months of negotiations between the retailer, the payments network and the issuers involved in the case. While the companies confirmed to WSJ that the deal was made, the exact amount of the settlement terms was not confirmed.
The Target breach has gained widespread press and an immense amount of criticism since it compromised data on 40 million credit and debit cards. The total amount lost to card issuing banks still isn’t even fully known. Estimates from trade groups that have spoken out on behalf of the banks and credit unions estimate that it’s cost them more than $350 million just to reissue the cards and clean up the financial mess that came along with that breach, as well as damage incurred from the Home Depot breach that impacted 56 million payment cards.
According to WSJ, Target was satisfied with the deal, while Visa relayed that “this agreement attempts to put this event behind us.” This settlement comes during an interesting time, as the merchant liability shift for EMV chip cards is coming in October.
The Target breach settlement cases have had their share of controversy in the past two months, including the rejected $19 million settlement Target and MasterCard had negotiated. While that deal was initially reached about four months ago, the terms of the deal required that 90 percent of issuers of the impacted accounts agree on the terms. But while the MasterCard settlement hit a snag, the Visa settlement moved a bit swifter since Target had relayed that it received support from Visa’s issuers.
The criticism from the reimbursement process stems from the suggestion from issuers that the cost of re-issuing cards and having staff to handle customer issues related to the breach has spiked the breach-related costs beyond what they are able to request for reimbursement. Target has commented that that amount was already reflected in its prior fiscal results from the past year.
The sources who commented on the Visa case say the $67 million is the max that Visa can request per its own regulations. The Journal‘s sources also reported that Target is offering an incentive to issuers to offer reimbursements for fraudulent transactions in order to avoid lawsuits.
“Nevertheless, the fact remains that data breaches are an unfortunate situation for all parties involved — especially consumers,” Visa stated, according to The WSJ.