Framingham-based TJX Cos. completed its previously announced settlement with MasterCard International and its issuers last week.
Financial institutions representing 99.5 percent of eligible MasterCard accounts worldwide that said they were affected by the unauthorized computer intrusion at TJX, ac-cepted the alternative recovery offer, TJX said.
TJX funded $24 million pre-tax in alternative recovery payments. Banks and credit unions that accepted the offer agreed to drop any potential future legal claims against TJX and its acquiring banks.
Massachusetts Bankers Association spokesman Bruce Spitzer said that Visa reached a similar alternative settlement, funding $41 million in payments to card-issuers affected by the TJX breach, last December. Institutions representing about 95 percent of eligible accounts accepted that settlement.
Separately, TJX reached a settlement with the Federal Trade Commission in March, which requires it to implement comprehensive technology security programs and obtain audits by independent third-party security professionals every other year for 20 years.
Spitzer said the MasterCard and Visa settlements “probably only represent pennies on the dollar [in recovery] for most banks.”
But, he said, banks will fare better from these settlements than they would by negotiating individually.
Spitzer said he believes the MasterCard and Visa settlements were due, in large part, to pressure TJX felt following the lawsuit MBA filed on behalf of member banks in April 2007.
MBA, which filed the suit with the Maine and Connecticut bankers’ associations, along with two member banks, sought class-action status for member banks. It claimed that TJX was negligent, misrepresented that it was protecting customer data and breached its contract terms within the network of credit- and debit-card merchants – specifically, with Chicago-based Fifth Third Bank, which processes its Visa and MasterCard transactions.
The lawsuit sought reimbursement for banks’ cost to replace compromised cards, a court order requiring TJX not to store customer financial data beyond points authorized in its contract with Fifth Third Bank, and a finding that TJX violated Massachusetts’ deceptive acts and unfair trade practice law.
MBA settled the lawsuit last December after a judge would not certify class-action status, Spitzer said.
“We decided it would have been a drain on our resources” to continue pursuing it in state court, he explained.
But MBA believes that it achieved many of its goals through the suit, Spitzer said, including the settlements with Visa and MasterCard, increased public awareness that retail data breaches are not bank card-issuers’ fault, and a significant increase in the number of U.S. retailers that now are compliant with payment card industry data security stan-dards.
Between June and December last year, the percentage of national retailers compliant with PCi standards has gone up from 40 percent to 70 percent, he said.
Carol Meyrowitz, president and chief executive officer of The TJX Cos., said, “consumers ultimately benefit from merchants and payment card companies working more closely together.”
TJX operates 857 T.J. Maxx, 786 Marshalls, 295 HomeGoods and 130 A.J. Wright stores, as well as 34 Bob’s Stores, in the United States. In Canada, it operates 196 Win-ners and 73 HomeSense stores, and in Europe, 228 T.K. Maxx stores and 2 HomeSense stores.
