MasterCard, Heartland Settlement 'Fair'

Industry Experts Say Latest Offer is in Line with Previous Settlements
MasterCard, Heartland Settlement 'Fair'
MasterCard issuing institutions affected by the Heartland Payment Systems data breach are getting a fair shake in the newly announced settlement, industry experts say.

MasterCard last week announced a $41.4 million settlement from Heartland. The amount of MasterCard's offer in relation to that of Visa's ($60 million) roughly lines up with the relative market share of the two companies, says Tom Wills, a senior security analyst at Javelin Strategy and Research.

"I have to believe that accepting the MasterCard offer will bring a similar benefit to the issuers," Wills explains. While the settlement is nothing spectacular, he says the price of holding out would be higher legal costs and further delays to shareholders who want to see this issue put to bed. "This will play out much like the Visa settlement did," he says.

The relatively low settlement cost leads Avivah Litan, a security analyst at Gartner, to believe that there weren't all that many instances of Heartland-related customer account closures or card reissuance. "I doubt MasterCard (or any) issuing banks would settle for pennies on the dollar," she says. "My guess is that they insisted on fully loaded card replacement costs and all direct fraud costs be reimbursed."

Litan estimates that only 2-3 million MasterCard accounts were actually closed (and others reissued) as a result of this breach. "In all, I think this is probably a very fair settlement that the banks will accept," she says.

Dr. Anton Chuvakin, a noted PCI security expert, doesn't believe that all of the compromised cards were replaced. "The amount might well be in the vicinity of their actual costs -- who knows?" he says. "In light of this, a class action suit is an expensive and uncertain option that ventures far into the uncharted territory."

'Same Song Second Verse'

The MasterCard settlement may very well mirror that of Visa's, says Richard Coffman, one of the lawyers representing the financial institutions' class action suit against Heartland. Coffman prefaced his statement that his comments would be based on the assumption that the MasterCard settlement offer to issuing institutions would be similar to the one Visa offered its issuing institutions. "If it is similar to Visa's settlement, we'll have the same song, second verse type of settlement," Coffman states.

In the Visa case, the card company rushed a settlement to its issuers, telling them at the time they may or may not have any chance to recover their losses from Visa. Shortly after the deadline came, Visa then announced its ACDR plan, and everyone else that didn't accept the settlement got approximately 50 percent, and "they didn't have to release their claims against Heartland and its acquiring banks," Coffman explains.

Coffman says the MasterCard settlement is consistent with the split of cards affected. About two-thirds of the 130 million affected cards were Visa issued; a little less than one-third were MasterCard's.

This settlement, along with the proposed consumer class action settlement that got preliminary court approval in late April, leaves only the financial institutions' class action suit to be heard.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.