By Robin Sidel
Target Corp. is close to reaching a settlement with MasterCard
Inc. to reimburse financial institutions roughly $20 million for
costs they incurred from the retailer's massive data breach in
2013, according to people familiar with the negotiations.
The deal, which could be announced as soon as this week, comes
after months of negotiations, these people said. The $20 million
covers costs that banks incurred to reissue credit cards and debit
cards as a result of the breach, as well as some of the fraud that
resulted from the exposure of customer information, these people
said.
The payout would be roughly the same as TJX Cos. paid to
MasterCard issuers in 2008 for a data breach that exposed more than
100 million cards to fraud. TJX is the parent of discount retailer
TJ Maxx and other chain stores.
The settlement underscores the ongoing financial costs that are
associated with a wave of data breaches that have exposed hundreds
of millions of Americans to fraud over the past year. Target
disclosed in a recent financial filing that it has incurred $252
million of breach-related expenses.
Target's breach, in particular, rattled consumers because it
occurred during the winter holiday shopping season. The breach
compromised 40 million credit and debit card accounts.
The breach also set off a frenzy among card-issuing financial
institutions as they scrambled to send new cards to customers. Some
took the unusual step of reissuing cards en masse even if no
fraudulent activity had been detected.
It also led to renewed calls for merchants to upgrade their
terminals at the checkout line to accept cards that are embedded
with a computer chip that are more difficult for thieves to
replicate. Target has since upgraded its stores to accept the more
secure cards that are now being issued by financial
institutions.
Other merchants are also upgrading their equipment ahead of an
October deadline that will shift fraud liability from banks to
merchants under certain circumstances. Some merchants are saying,
however, they won't be able to meet the deadline.
Minneapolis-based Target is likely to be on the hook for more
payments in the future. The company is holding similar negotiations
with Visa Inc., which is larger than MasterCard, according to
people familiar with the talks.
In March, Target agreed to pay $10 million to settle a consumer
class-action suit tied to the breach.
MasterCard, which has been negotiating with Target on behalf of
the card-issuing financial institutions, will distribute the
reimbursed funds to the firms that issue credit cards and debit
cards under its brand.
Citigroup Inc. is the largest MasterCard issuer with 46 million
credit cards, according to the Nilson Report, a Carpinteria,
Calif.-based industry newsletter. Capital One issues 43.2 million
credit cards under the MasterCard brand and J.P. Morgan Chase &
Co. issues 18 million.
The negotiations have been particularly difficult because the
Target breach was followed by a wave of other high-profile
breaches, including one at Home Depot Corp. that was even larger.
During the discussions, Target representatives contended that they
shouldn't be forced to reimburse banks for reissuing cards that
would have needed to be reissued anyway due to the other breaches,
according to people familiar with the negotiations.
Write to Robin Sidel at robin.sidel@wsj.com
Access Investor Kit for MasterCard, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US57636Q1040
Access Investor Kit for Target Corp.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US87612E1064
Access Investor Kit for Visa, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US92826C8394
Subscribe to WSJ: http://online.wsj.com?mod=djnwires