The Mouse That Roared?

May 26, 2015 at 9:18 am 1 comment

The news that the proposed $19 million settlement between MasterCard and Target has been rejected, in no small part because of the vocal opposition of credit unions that complained that the proposed deal didn’t adequately compensate smaller issuers for the costs of the breach that impacted as many as 40 million cards and 110 million people, is an important victory for the industry.  It demonstrates that the concerns of smaller institutions have to be a major focus of any efforts by the courts and policymakers trying to apportion the costs of data breaches.  This may have been the moment when the little financial institutions came together and announced that, when it comes to data breaches, “they’re mad as Hell and they are not going to take it anymore.”

Under an agreement announced between MasterCard and major issuers in March, issuers would have gotten $19 million to settle claims related to the breach provided that at least 90 percent of card issuers signed off on the deal by  May 20th.  If you, like your faithful blogger, were already in long-weekend mode on Friday, you may have missed the news.  As NAFCU’s Carrie Hunt said in this morning’s American Banker, “[t]he failure to opt in to the settlement by financial institutions sends a strong signal to card companies that the current reimbursement system does not work and financial institutions need to be made whole.”

Opposition to the settlement was led by a group of small banks and CSE Federal Credit Union in Lake Charles, La.  They sued Target last year and are seeking to bring a class action lawsuit.  They complained that the settlement amounted to “pennies on the dollar” compared to the actual costs of the data breach.  They filed a motion seeking to block the settlement.  Even though that attempt failed, they lost the battle but won the war.  Their failed attempt provided a platform from which they could argue that the settlement was a bad deal.

Now what? Good question.  When you begin to parse through the legal issues and try to determine not only the cost of breaches but how they should be apportioned we get into murky water here with both sides having incentives to negotiate.  Target wants to move on and it would take years of litigation before credit unions or banks ever get a dime for the breach.

That is why, as good as the lawsuit feels, Congress and legislatures are best suited to apportion the costs of data breaches and prevent further instances.  The litigation comes at a great time for the industry.  Congress is starting to pay attention to data breach issues . . . finally.  The lawsuit shows that the existing system doesn’t adequately protect credit unions for data breach costs.

For your largest issuers, they are just another cost to be absorbed but for smaller institutions data breaches result in direct and indirect costs that, if left unabated, will push even more credit unions to merge or close their doors.

Entry filed under: General, Legal Watch. Tags: .

Happy Trails Ben Lawsky The Most Important Proposal of the Year

1 Comment Add your own

  • 1. Richard Wagner  |  May 29, 2015 at 1:35 pm

    In your first sentence you describe the outcome of the decision as a success for the “industry “. Were you writing about the combined credit union and banking sector, or were you writing about the credit union “movement”? I think the latter. Please use the word “movement ” rather than industry when you are writing about the credit unions in a sentence. Thanks, C. Richard Wagner, Member & Director, Municipal Credit Union


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 510 other followers