U.S.

Chase limits customer spending after credit-card security breach at Target

Bank says holders will only be allowed to withdraw $100, make purchases of up to $300 per day until security restored

Target announced on Thursday that it was the victim of the second-largest credit-card security breach in U.S. history.
Joe Raedle/Getty Images

JPMorgan Chase & Co. on Saturday notified customers who used its debit cards at Target stores during the retailer's recent security breach that it was limiting the use of its cards to $100 of cash withdrawals from ATMs per day and purchases totaling $300 a day.

The new limit affects roughly 2 million accounts, or about 10 percent of Chase debit-card holders, according to a bank spokeswoman. It does not apply to credit cards.

The bank detailed the limits in an email sent to customers with the subject line: "Unfortunately, your debit card is at risk by the breach at Target stores."

The bank said it was taking the action as a precaution and recognized that the move "could not have happened at a more inconvenient time."

Target, The U.S.' third-largest retailer, which made $72 billion in sales in 2012, acknowledged Thursday that data connected to about 40 million credit- and debit-card accounts was stolen as part of a breach that began over the Thanksgiving weekend.

The Minneapolis-based retailer has offered customers a 10 percent discount on all purchases made in Target stores on Dec. 21 and Dec. 22., as well as free credit-monitoring services for those affected by the breach. In a statement, the company said that while "very few" customers had reported fraud, it was reaching out to everyone at risk. The company also said it is continuing its investigation into the matter.

"We take this crime seriously," Target CEO Gregg Steinhafel said in a seperate statement published on the company's website.

The theft is the second-largest credit-card breach in U.S. history, exceeded only by a scam that began in 2005 involving retailer TJX Cos, which owns T.J. Maxx, Marshalls and HomeGoods. That incident affected at least 45.7 million card users.

Target spokeswoman Molly Snyder declined to comment on JPMorgan's action. She said she "couldn't speculate" on whether other banks issuing debit cards would take similar steps.

JPMorgan Chase said in its email that it plans to reissue affected debit cards over the coming weeks. In the meantime, the bank said employees at its 5,600 branches would assist customers in need of additional funds. Many branches will stay open late "if needed," the email said.

Debit cards, unlike credit cards, typically require customers to enter personal identification numbers when they make purchases at store check-out counters. Initial reports of Target's security breach said data may have been taken through devices at its counters.

Debit cards are used to spend money that has been deposited in checking and other demand accounts at banks. Cardholders are not liable for unauthorized transactions they report to Chase, the bank said.

Al Jazeera and wire services

Find Al Jazeera America on your TV

Get email updates from Al Jazeera America

Sign up for our weekly newsletter

Get email updates from Al Jazeera America

Sign up for our weekly newsletter