Target Corp. reached an agreement with Visa Inc. that will reimburse card issuers as much as $67 million for costs incurred by the retailer's massive data breach during the 2013 holiday shopping season, according to people familiar with the situation.

The deal, which came after months of negotiations, covers credit cards and debit cards issued by thousands of financial institutions under the Visa brand.

The two companies confirmed that they struck a deal, although they didn't disclose the amount that would be paid in the settlement.

Target's breach was one of the largest in recent years, exposing 40 million credit and debit cards to fraud and causing an unknown amount of losses to card-issuing banks.

The exact amount of fraud that resulted from the Target breach still isn't known. Trade groups representing community banks and credit unions estimate that they have spent more than $350 million to reissue credit and debit cards and deal with other issues related to the Target breach and a subsequent hacking at Home Depot Inc.

Target said it was pleased with the deal. Visa said "this agreement attempts to put this event behind us" as it concentrates on shifting consumers to more secure payments.

The pact comes two months after issuers unexpectedly rejected a $19 million settlement that Target had negotiated with MasterCard Inc. That deal, reached in April, required the approval of 90% of banks representing cardholder accounts that were affected by the breach.

The Visa deal appears to have more certainty, however, because Target said that it has already received support from Visa's largest card issuers.

Card issuers have long complained about the process by which they are reimbursed for data breaches and the fraud that results from them. They say that the reimbursement doesn't begin to cover the costs associated with issuing new cards and adding more call-center staff to handle customer questions.

People familiar with the settlement said that the amount being paid by Target includes the maximum amount that is laid out in Visa's regulations.

Target is also dangling an incentive to issuers that will reimburse them for any fraud that stemmed from certain debit-card transactions as long as those issuers agree not to sue the retailer. Those transactions cover debit cards that are branded by Visa, but are routed over other networks, these people said.

The maximum amount to be paid by Target under both scenarios is $67 million.

Target said the costs of the settlement were already reflected in its previously reported fiscal 2013 and 2014 results.

While cardholders aren't responsible for unauthorized purchases, lenders are on the hook to cover the cost of fraud and expense of reissuing cards when a breach occurs. MasterCard and Visa typically negotiate with the breached entities to recover losses for their card-issuing banks.

"Nevertheless, the fact remains that data breaches are an unfortunate situation for all parties involved—especially consumers," Visa said.

Write to Robin Sidel at robin.sidel@wsj.com

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

(END) Dow Jones Newswires

August 18, 2015 13:25 ET (17:25 GMT)

Copyright (c) 2015 Dow Jones & Company, Inc.
Target (NYSE:TGT)
Historical Stock Chart
From Mar 2024 to Apr 2024 Click Here for more Target Charts.
Target (NYSE:TGT)
Historical Stock Chart
From Apr 2023 to Apr 2024 Click Here for more Target Charts.