Target – the slightly more upscale Wal-Mart – has agreed to pay thousands of Visa card issuers up to $67 million after their colossal December 2013 data breach that exposed around 40 million credit and debit cards. The settlement comes after the rejection of a proposed $19 million deal with MasterCard due to a lack of support from its issuers.
Nearly two years after the fact, no one is quite sure just how much the Target breach affected issuing banks. Trade groups working with various banks and credit unions have estimated costs of over $350 million to reissue cards and handle the financial muddle, but that number could actually be higher given the fact it costs small banks around $11 to reissue a card and roughly $20 per customer service call.
According to Target, the costs of the settlement are already reflected in their previously reported fiscal 2013 and 2014 results, so while that $67 million stings, they can at least call it a lesson learned in utilizing shoddy security systems, and maybe find a way to negate its effect on its drop in profit margins from 4.17 percent in 2013 to -2.25 this year.
Since the hack, Target has made attempts to strengthen security by upgrading monitoring and logging capabilities, reinforcing firewall governance processes, and upgrading cash registers in its nearly 1,800 stores to accept chip cards. They also ousted Gregg Steinhafel as CEO, but not before sending him out with a $61 million severance package.
According to Visa, “this agreement attempts to put this event behind us,” but the fact remains that breaches like this are only increasing - 783 in 2014 alone according to the Identity Theft Resource Center, and it’s only a matter of time before you hear of another one… Wait, that happened yesterday. Man, this whole deal with Target is rough, but at least no divorce lawyers are going to get involved with it.