Reports that Target is close to paying MasterCard nearly $20 million to reimburse credit unions and banks for the costs associated with the retailer's 2013 data breach is not good enough for one CU trade group.
"While we appreciate that the settlement attempts to hold Target somewhat accountable, we were hoping it would be more than just pennies on the dollar," said NAFCU President and CEO Dan Berger. "We believe that this demonstrates the reason why Congress must act to protect consumers' financial information by enacting stronger standards."
The settlement payment likely won't be the last for Target as it's also involved in ongoing talks with Visa over the same issue. MasterCard has been negotiating on behalf of CUs and banks that issue its cards and it would distribute funds from Target to those institutions.
One issue that has hung up the talks is Target's insistence it shouldn't be forced to reimburse financial institutions that would have to reissue cards anyway due to breaches at Home Depot and other retailers, which occurred shortly after the Target incident.
Target has estimated that hackers stole credit and debit card data, as well as personal information, for as many as 110 million customers during the 2013 holiday shopping season. Last month, the Minneapolis-based retailer agreed to pay $10 million to at least 70 million customers whose personal information may have been taken.
CUNA said news of the possible settlement is what credit unions and other card issuers "have been waiting too long to hear."
"It is about time that Target steps up to its responsibilities in this breach," said CUNA President and CEO Jim Nussle. "And it is long overdue for merchants to start living up to their responsibilities in protecting customers' sensitive information by adopting higher security standards. Congress must act and act now to stop the data breaches."
CUNA said that it will be working closely with MasterCard to determine the amount of the settlement that will be dedicated to credit unions' costs.
"We appreciate the open dialogue that MasterCard has had throughout this process, and we understand that they have an aggressive communication plan to get information to their credit union customers. We stand ready to assist them in communicating with the credit union system," Nussle added.
John McKechnie, a partner at Total Spectrum in Washington, said the MasterCard-Target settlement is fine as far as it goes, "but does little to settle the account regarding overall merchant irresponsibility and data security."
Consumers deserve better than an after-the-fact mea culpa, McKechnie added. "When retailers start doing the right thing on breach notification and better protection of data, that will be cause for some celebration," he said.