Companies performing these roles for Target were identified in a research note by Robert W. Baird & Co analysts on Dec. 19. (Read more: Loyalty programs could feel Target breach fallout)
A spokesman for the joint venture declined to comment, as did a spokesman for Bank of America. Bank of America released earnings on Wednesday morning. (Read more: BofA profit soars as loan-loss provision falls)
A spokeswoman for First Data, Nancy Etheredge, said via email that the company “processes some transactions for one of Target’s merchant acquirers” but declined to offer more detail.
The note also identified Vantiv of Cincinnati as processing transactions for Target customers who type in personal identification numbers for debit transactions. It said Vantiv expected “no impact from the breach.” Vantiv representatives did not return messages.
Target-branded payment cards are issued by Toronto’s TD Bank Group. A spokeswoman said via e-mail that “It would be inappropriate to comment on any potential fines at this time.” (Read more: Target CEO ‘still shaken’ by data breach)
One author of the Baird report, analyst Timothy Wojs, said it is too soon to predict what fines or settlement costs might result. In the past, fines by Visa and MasterCard have been insignificant to payment processors but set the stage for larger settlements to cover bank losses, he said.
Fining the middlemen
Fines in cybercases have drawn some push-back from merchants. In a case in U.S. District Court in Nashville, Tenn., specialty retailer Genesco is suing Visa over the $13.3 million it says Visa wrongfully collected from its banks, Wells Fargo and Fifth Third.
Visa collected the money after a cyberattack obtained payment data, though the data was handled within industry standards, according to the company’s complaint.
Wells Fargo declined to comment. A spokeswoman for Fifth Third did not respond to questions. In court filings Visa defended its actions as in keeping with laws and contracts.
— This story originally appeared on Reuters and CNBC