By Setting Debit Limits Following Target Breach, Chase Looking Out for Itself, Too
Yesterday, Chase bank notified some of its customers that it was limiting debit card purchases and ATM withdrawals they could make in the wake of the recent card breach at big-box retailer Target.
Chase debit card holders who shopped in a U.S. Target store between Nov. 27 and Dec. 15 will temporarily only be able to withdraw $100 at a time from ATMs, and make purchases of up to $300, Chase told customers in an email and in a notice on its site.
The limits will remain in place temporarily while Chase issues new debit cards to approximately two million of its customers who shopped at a Target store during the timeframe. While the investigation into how the Target breach occurred is still ongoing, security blogger Brian Krebs reported Friday that some card info from the Target heist is already for sale on underground markets.
Chase’s decision to set limits and issue new cards comes as Target continues to say that it has no reason to believe that debit card PIN codes were stolen, while names, card numbers and expiration dates were.
So why is Chase taking the action it is? For one, you can imagine it’ll be a relief to Chase customers to just get a new card and not have to worry about monitoring their possibly-compromised card for the foreseeable future. At the same time, the limits will also be inconvenient for many in the days leading up to Christmas, so Chase says some branches will stay open later than normal or even open today, Sunday, to accommodate affected customers.
But, at the same time, Chase is also looking out for Chase. The bank has made the calculation that it’ll be less costly to take the steps it is now taking than deal with the loss of financial and time resources that could come in the event that Target’s breach leads to more fraud than anticipated on Chase customer cards. Some would call that smart business.
As someone who knows both businesses well told me this weekend, “Chase knows more than Target about fraud.”
While Chase is issuing new debit cards to all affected, Target is not doing the same with its Redcard holders. A Target spokesman did not immediately respond to a request for comment on that decision.
Instead, Target has said it is working on putting in place a free, credit-monitoring service for all shoppers who may be affected.
Yaron Samid, CEO of BillGuard, a service that monitors credit- and debit-card accounts for fishy transactions, called the Target offer “a nice gesture,” but a solution to the wrong problem.
“Credit monitoring alerts you to changes in your credit report, which has nothing to do with fraud on your credit cards or debit cards,” he wrote in an email to AllThingsD. “Changes in your credit report are based on new account openings or delinquencies in paying your bills. It’s ideal for protecting people from Identity Theft — when someone tries to open an account with your information.”
Samid said he has been trying to contact Target executives to offer BillGuard to affected Target shoppers, which would undoubtedly provide a huge awareness boost to the New York City startup.
“Our crowdsourced transaction monitoring network incorporates the inputs of millions of cardholders who spot suspicious charges on their cards and flag/report them similarly to marking an email as spam,” he wrote. “We them find similar charges on our users cards and prioritize them for their review.”
“We can and want to help, free to charge,” he added.