A group of Massachusetts community banks have filed a class-action lawsuit against Target Corp., hoping to force the big-box retailer to pony up some of the costs of dealing with last year’s data breach.

HarborOne Bank in Brockton, Mutual Bank in Whitman and Pittsfield Co-operative Bank filed the suit against Target and data security company Trustwave Holdings in Minnesota, where the giant retailer is based. 

In the wake of the Target data breach,

HarborOne canceled and reissued 4,369 debit and credit cards; Mutual Bank canceled and reissued 1,359 cards; and Pittsfield Co-operative canceled and reissued 251 cards, according to the lawsuit.

The banks allege that shoddy or subpar data security practices on the part of Target cost the banks time, money and customer trust. The suit further alleges that Target violated several Minnesota laws by failing to delete certain card security code data more than 48 hours after it authorized transactions, and by failing to meet its responsibility for notifying financial institutions of the breach.

Although the banks hope to recoup some of their financial losses, Glen S. White, chairman and CEO of Mutual Bank, expects that any monetary compensation will be minimal.

What he and other bankers really want, he said, is for retailers to step up and take more responsibility for preventing data breaches and card fraud.

“We had nothing to do with the breach at all, and we’re always the ones who get the short end of the stick,” White said. “We’re the ones who were left with the fraud, and we’re the ones who are left with the reputation damage.”

It’s a bitter pill for many bankers to swallow, he added, particularly when the subject of interchange fees comes up for discussion among lawmakers.

“It’s just irritating when the retailers are constantly lobbying Congress that we make too much on this interchange fee when we’re sharing all the responsibility for their impropriety,” White said.

Converting To EMV

Meanwhile, Mutual Bank and others have been planning their conversion from magnetic stripe cards to EMV cards, also known as “chip and pin,” the card technology currently popular in Europe and Asia, which is commonly touted as a more secure system than the one currently used in the United States. It has yet to catch on in the U.S., but enthusiasm for EMV has been on the upswing since the Target breach.

Leanne Allegrini, Mutual Bank’s vice president of deposit operations, said it is still working out the specifics of its conversion to EMV, which depends in large measure upon the willingness of merchants to install card readers compatible with the technology.

“It’s only good as long as those merchants implement it,” she said.

Steve Montross, CEO of CPI Card Group, said his company has been preparing for the switch to EMV since late 2010.

“That Target breach was the triggering event. Now we’re seeing demand going through the roof,” he said.

Montross said he knew this day was coming, adding that the U.S. is the last major economy to move toward EMV.

Even so, Montross said, EMV would not have stopped the data breach at Target. What EMV would have done, he said, is made the stolen data less valuable to the thieves in question – or at least far more difficult to use for counterfeiting cards.

Even if somebody does manage to steal the information off a chip-and-pin card, it still has a magnetic stripe with a code that indicates it’s a chip card. That information would come back to the card issuer, who could then decline any transaction on the card.

 “If we’re living in an EMV world, even if you can take that info and encode it on a magnetic stripe and try to submit that … there are other ways to halt that kind of counterfeit activity,” he said.

More likely than that, however, is fraud in card-not-present transactions, which comprise about 16 percent of all fraud losses, or $8.6 billion per year.

For that, Allegrini said, Mutual Bank has made use of 3D Secure technology in its own cards. That particular safeguard requires the cardholder to create a passphrase and secure code in order to make card-not-present purchases.

“An EMV card is not a cure-all. It’s not a panacea for all the fraudulent use of cards,” Montross said. “But for all card-present transactions, it improves security immeasurably.”

Email: lalix@thewarrengroup.com