Banks Say Target Hack Has Cost Them $153 Million In Replacement Cards

It’s not just Target’s sales figures that are feeling the sting of the massive data breach that affected more than 100 million customers at the height of the holiday shopping season. According to a group representing the nation’s retail banks, financial institutions have had to spend more than $153 million to replace credit and debit cards in the last six weeks.

Among banks, JPMorgan Chase and Citi are the two largest institutions that opted to proactively replace debit cards for customers whose accounts were affected by the Target breach. But they are only a sizable chunk of the 15.3 million cards the Consumer Bankers Association says have been replaced in the wake of the breach.

According to the CBA, the average cost of replacing a card is $10 per card. Included in that amount is the cost of the actual card, plus the expenses associated with informing consumers of the card being reissued, shipping and activating that new card, and any supplemental communications consumers have with the banks’ call centers about these replacement cards.

And so it calculates that the current total cost to its member banks is at least $153,903,440 and growing.

The CBA says these numbers reflect just the new cards that have been issued in direct response to the Target hack. It does not include any new cards handed out related to smaller breaches like the one at Neiman Marcus or the possible attack on the Michaels chain of craft stores.

Meanwhile, earlier today U.S. Attorney General confirmed at a Senate hearing that the Justice Department is indeed actively investigating the Target breach.

“While we generally do not discuss specific matters under investigation, I can confirm the Department is investigating the breach involving the U.S. retailer, Target,” said Holder.

Banks have replaced 15.3 million cards since Target breach [StarTribune.com]

Read Comments4

Edit Your Comment

  1. SingleMaltGeek says:

    Maybe this will convince them that it’s worth the “expense” to transition to chip-and-pin cards. If they have a strict two-factor requirement it would be much more secure.

    • theoriginalcatastrophegirl says:

      it’s not the chipped cards so much as it is lack of chip readers. my credit union has been issuing chipped cards for 4 years now. i have never seen a chip reader for my card. my dad has used his internationally with great success. but US businesses just don’t want to get into the expense of new hardware

      • AdamStew82 says:

        That’s easy to remedy… Visa/Mastercard can say “you can upgrade your equipment to the latest chip/pin merchant equipment, or you will be responsible for any fraud claims.”

        Part of what the merchants pay for in accepting Visa/Mastercard (known as the interchange rate) is an insurance that if they follow all of the rules for card acceptance then they are guaranteed payment.

        Right now, for in person transactions, you have to swipe the card, get a real-time authorization, verify the signature on the receipt matches the signature on the back of the card, and act in good faith in delivering the promised goods and dealing with the card holder. As a merchant, as long as you follow those rules during card acceptance and promptly respond to any inquiries about fraud, then you’ll get paid…even if it was fraud.

        Visa/Mastercard could change the rules to say that swiping the card is no longer good enough. You have to accept the card via chip/pin for payment to be guaranteed.

  2. SuperSpeedBump says:

    Awww, poor banks. It sure sucks when someone’s bad practices results in you losing money. I guess now you know what it feels like.