Target (NYSE:TGT) isn’t the only company doing damage control following reports that the big-box retailer suffered a security breach in which data from as many as 40 million credit and debit cards were stolen. JPMorgan Chase (NYSE:JPM) announced shortly after news of the breach broke that it would be limiting the the amount of cash that Chase debit card holders could withdraw at ATMs, as well as the amount they could purchase using the card, in a single day.
Target confirmed that it had been made “aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores” on December 19, but the security breach occurred between November 27 and December 15. Target will bear the brunt of the financial and reputational damage related to the breach, but depending on the circumstance banks like Chase can be on the hook for losses that result from fraud.
Like many other banks, Chase has a zero-liability fraud agreement, which means that it could be responsible for refunding debit card holders if money is fraudulently withdrawn from their accounts. Due to this, Chase limited the amount of money that a debit card holder could withdraw from an ATM to just $100, and the amount they could spend using the card to $300.
On Christmas Eve, though, Chase announced that it would ease the restrictions to $250 cash withdrawal and to $1,000 spending capacity. The move follows news that, despite rumors to the contrary, it does not appear that any PIN numbers for debit cards were stolen during the security breach.
Target is expected to have to shoulder a legal bill of at least $50 million for the snafu. Avivah Litan, a financial fraud analyst at Gartner, told CNNMoney that fraudulent charges are probably less than $25 million, but that Target will be slammed with legal fees and fines from banks and payment processors.
The financial blow can’t be written off, but the damage to Target’s reputation is likely to be more substantial. The breach was poorly time and shook consumer confidence in the company. Retail consultancy firm Customer Growth Partners told Reuters that customer traffic fell 5 percent in the final weekend before Christmas, right after the security breach. The number of transactions dropped 3-4 percent compared with the same weekend last year, according to the same firm, which was also consulted by the Wall Street Journal. Transactions at other, unaffected retailers were up for the weekend of December 21 and 22.