BOSTON (12/3/07)--Discount retailer TJX Cos. may pay up to $40.9 million in a settlement with Visa Inc. and the company's credit card payments processing bank, Fifth Third Bancorp, in a lawsuit over the largest customer data breach in U.S. history. The agreement, announced Friday, doesn't resolve an unrelated lawsuit by Ameribank, SELCO Community CU, and several other small institutions plus the bank associations of Massachusetts, Connecticut and Maine. That lawsuit suffered a setback Thursday when a judge denied class status for plaintiffs in the case (Associated Press via Money Central/MSN.com Nov. 30). The Credit Union National Association (CUNA) is looking into how the settlement would affect damage claims in the other lawsuit, said CUNA General Counsel Eric Richard. The $40.9 million settlement would help resolve potential claims and other disputes by U.S. Visa issuers, such as credit unions and banks, over the costs of replacing members' and customers' credit and debit cards compromised in the breach. To take effect, the settlement must be approved by issuers of at least 80% of U.S. Visa cards by Dec. 19. By accepting the deal, they would agree to waive their right to sue TJX and Fifth Third, in exchange for payment of their breach-related costs by Dec. 27. Analysts said $40.9 million is likely higher than the costs incurred in replacing cards. A recent Gartner Inc. survey noted that credit card networks generally reimburse banks and credit unions for fraudulent purchases, leaving the financial institutions with the costs of replacing the cards and customer service expenses. As part of the agreement Visa would rescind part of the $880,000 in fines it levied against the companies for failing to meet Visa standards for safeguarding data. TJX and Visa said the rescinsion would increase the funds available for an alternate recovery program for the financial institutions. The agreement does not include other credit card associations such as MasterCard.