Heartland Payment Systems will pay up to $60 million to issuers of Visa-branded credit and debit cards affected by the data breach suffered at the New Jersey-based payments processor in 2008.
Heartland revealed last January that malicious software in its processing system had been found, potentially compromising the card data of millions of people.
The firm has reached an agreement with Visa under which issuers "will have an opportunity to obtain a recovery from Heartland with respect to losses they may have incurred".
The deal is contingent upon acceptance by financial institutions representing 80% of the eligible issuers' US accounts that Visa considers to have been placed at risk of compromise during the intrusion.
Visa will credit the full amount of intrusion-related fines it previously imposed and collected from Heartland's sponsoring bank acquirers towards the $60 million and will notify eligible issuers in the coming days with details about the programme and how to participate.
Ellen Richey, chief enterprise risk officer, Visa, says: "We believe issuers will benefit by participating in this settlement program because it offers an immediate recovery with respect to losses they may have incurred from the Heartland intrusion."
In December Heartland reached a $3.6 million settlement with American Express relating to the breach and has also agreed to pay up to $2.4 million to settle a consumer cardholder class action suit. In November the firm revised its third quarter results by doubling the provision - to $73.3 million - for expenses related to the intrusion.
Last week it emerged that computer hacker Albert Gonzalez has pleaded guilty to the Heartland attack, as well as others, and now faces a minimum 17-year prison sentence.