Skip Ribbon Commands
Skip to main content
Sign In

Visa upping community bank reimbursements after breaches

Visa upping community bank reimbursements after breaches

Visa responds to ICBA research, advocacy by increasing amount it reimburses small-bank issuers following data breaches. 


​​WASHINGTON, D.C., 21 May 2015 – In response to ICBA research and advocacy, Visa said it will increase how much it reimburses small bank issuers following data breaches. Visa’s new tiered structure for data-compromise cost recovery is based on issuer size and is designed to reflect the higher operating expenses that small and medium-size issuers incur.

As of July 1, issuers will be categorized into small, medium and large payment tiers based on Visa purchase volume of less than US$500 million, between US$500 million and US$10 billion, and more than US$10 billion. Global Compromised Account Recovery (GCAR) operating expense rates for small issuers will be set at US$6 per eligible account. Medium and large issuers will receive US$3.85 and US$2.65, respectively.

Recovery amounts will increase by US$1 for all eligible accounts that were issued chip cards before being involved in a compromise event. And the GCAR will no longer exclude accounts indicated in the Compromised Account Management System alert as expired at the time of the alert.

ICBA has been a strong advocate for data-breach reimbursement levels appropriate to the costs incurred by community banks. Further, the association continues to call for national data security and breach notification standards that would apply to all payments system entities, including retailers, to better protect community banks and their customers from data breaches. ICBA also supports requiring the party that incurs the breach to bear responsibility for the related fraud losses and mitigation costs others incur. 




Cards; Security; Payment services directive