Wall Street Journal reports that the rumored settlement between Target and Mastercard has been completed today, with the retailer agreeing to pay up to $19 million dollars for losses which came about through the massive data breach in December 2013.
The funds will be paid out to the many financial institutions which issue Mastercard-branded cards and will cover the costs incurred to reissue new cards, as well as some of the sustained losses which came about from actual fraud due to the data breach.
Some of the banks included in the settlement are Citigroup, Capital One, and JPMorgan Chase. The deal is only for Mastercard issued cards, with separate negotiations ongoing with Visa to address their losses due to the breach.
It’s interesting to see Target taking some of the liability here. Keep in mind that as of October 1, all major card issuers will be instituting a liability shift for non-EMV cards. Depending on who is liable for the chipless card used – merchant or bank – will be liable for any fraud transaction that occurs, see October 1st EMV Chip Liability Shift Explained & How It Affects Consumers. In this case, Target is already picking up part of the tab for the breach though that new rule is yet to be in effect, apparently due to a degree of negligence in the case.
Target also agreed last month to pay out $10 million in settling a class action lawsuit resulting from the breach, with up to $10,000 going to individual victims of the breach.
Typo: ” target agreed to pay $10 last month”
It should read ” $10 million “
Thanks, fixed.