But what will happen next, now that the issuers have walked away from a deal they viewed as offering inadequate reimbursement for their breach expenses?
One payments security expert says MasterCard will likely renegotiate its settlement to avoid lengthy litigation. Meanwhile, an attorney representing banks and credit unions involved in a class-action lawsuit against Target, which seeks to recoup breach-related expenses, says the suit will push forward.
John Buzzard, who heads up FICO`s Card Alert Service, says MasterCard is likely to offer a new settlement that better meets the expectations of issuers.
`I`m surprised the settlement didn`t pass, and at the same time, I can totally understand why there is reluctance to accept a number that seems small to many issuers,` he says. `I would imagine that renegotiation could be on the table again. A lengthy court battle and the complexities involved in a class action lawsuit could be mired in red tape for years.`
Charles Zimmerman, co-lead counsel for the banking institution plaintiffs in the class-action suit against Target, says banks and credit unions agreed the settlement was unfair and decided they would rather push forward with their class-action suit, rather than agree to a settlement that provides inadequate reimbursement for their substantial breach-related expenses.
`We are pleased that financial institutions have resoundingly rejected Target and MasterCard`s attempt to avoid fully reimbursing the losses suffered during one of the largest data breaches in U.S. history,` Zimmerman said in a statement provided to ISMG. `Financial institutions clearly saw through Target`s misleading statements and efforts to extinguish pending legal claims for pennies-on-the-dollar. We will continue working to hold Target accountable and ensure that all affected financial institutions receive proper compensation for losses resulting from this data breach.`
MasterCard did not respond to ISMG`s request for comment. But the Star Tribune in Minneapolis, where Target is based, reports that MasterCard says it`s `working to resolve the matter.`
Settlement Voided
Target spokeswoman Molly Snyder confirms MasterCard failed to get enough banks and credit unions to agree to the settlement`s terms by the May 20 deadline.
`The April 16 settlement agreement between MasterCard International Inc. and Target was to become effective if eligible issuers of at least 90 percent of all qualified accounts opted in to the settlement by May 20, 2015,` Snyder tells Information Security Media Group. `MasterCard has informed Target that the 90 percent threshold was not reached by the May 20 deadline. Target has nothing further to share at this time.`
Visa is working with Target and banking institutions to come up with a viable breach-expense recovery strategy, a Visa spokeswoman tells ISMG.
`Visa continues to work with Target and its acquiring financial institutions regarding any potential liability under Visa`s Global Compromised Account Recovery program,` the spokeswoman says.
Setting a Precedent?
Attorney Chris Pierson, chief security officer at invoicing and payments provider Viewpost, says banks` and credit unions` reluctance to agree to the terms of MasterCard`s settlement with Target should serve as a wake-up call to the card brands.
`The failure of this settlement to pass is new ground that the card associations will need to consider and grapple with in this specific matter, and going forward with other notable breaches,` he says. `The change in behavior may underscore the underlying frustration of fraud fallout from card-centric breaches.`
Read original article
No comments:
Post a Comment