A Finextra member 16 September, 2015, 19:02 2 likes

"... breach forced them to reissue around 25,000 cards, at a cost of $30 million". 

I make that $1,200 dollars per card! How does that work out? 

Bill Trueman - Riskskill.com - London 17 September, 2015, 10:44 1 like

The cost of re-issue will be less than a tenth of that per card. How they can justify that size of loss based upon a reissue alone is not conceivable.

Accordingly, this figure MUST be calculated to include some of the 'consequential loss' - i.e. that the compromised cards were then used. Accordingly the banks will have to show a loss on their cards (as well as the costs to them of re-issue).

If I were in Target (and/or the Lawyers in the the defence team) then I would have plenty of defence arguments to tender:

a) What did the banks do to mitigate the losses.

b) What did their systems look for in the unusual transactional activity.

c) As the cards were compromised with limited security details, why did the banks not check the security details and prevent the transactions (as is done in most other places in the world).

d) As a preventative solution, why had the banks not implemented greater security with EMV (and/ or EMV with CHIP and PIN) as this would have significantly (or completely) removed the possibility that these cards could have been of use. The US issuers involved are far behind the global 'curve' on upgrading to the latest technology that was introduced across the rest of the world 15 - 10 years ago.

Someone introduce me to the consortium of banks or their lawyers to help build their case against Target - or better still to the Target people (and/or their indemnity insurers), as they probably have the much better and more fun case to present to the courts. 

In all cases and scenarios, this will be a superb case to watch; and reveals how poor the infrastructure in the USA is, and how far behind both the infrastructure and the thinking actually is - on all sides.