At least 2 million shoppers who used bank debit cards at Target Corp (TGT.N) stores during its recent data breach are facing lower limits on how much cash they can take out of teller machines and spend at stores.
JPMorgan Chase & Co (JPM.N) said on Saturday it is notifying customers who used Chase brand debit cards at Target from November 27 through December 15 that they are now limited to $100 a day of cash withdrawals and $300 a day of purchases with their cards.
The new limit effects roughly 2 million accounts, or 10 percent of Chase debit cards, according to a spokeswoman for Chase, the consumer banking business of JPMorgan, the biggest U.S. bank by assets.
Chase said it acted as a precaution to prevent criminals from taking money from customer accounts. Chase and other banks say they will cover unauthorized transactions that customers report.
"Banks are putting various precautions in place," Target spokeswoman Molly Snyder said by email, declining to be specific about what the banks are doing.
Representatives for other major banks, including Bank of America Corp (BAC.N) and Citigroup Inc (C.N), told Reuters on Saturday that their institutions take steps to protect accounts, but none described specific actions so broadly limiting to cardholders as those of Chase.
Target's Snyder said that for the debit card it issues and calls Redcard, the company has activated a "deeper fraud monitoring protocol." She did not describe the new steps.
Chase said in its notice to customers that it realized its move "could not have happened at a more inconvenient time with the holiday season upon us."
At Chase, the usual debit card daily limits are $200 to $500 for cash withdrawals and $500 for purchases, according to a bank spokeswoman.
"It seems like the banks are the 'Grinch who stole Christmas,'" said Jamie Court, president of Consumer Watchdog, a consumer advocacy group based in Los Angeles. "It is Target's fault, but children across America are going to bear the price ... The banks are protecting themselves."
Chase spelled out the new limits in an email to customers with the subject line: "Unfortunately, your debit card is at risk by the breach at Target stores."
Target said on Thursday that computer hackers had stolen data from as many as 40 million credit and debit cards of shoppers who visited its stores during the first three weeks of the holiday season.
Chase said in the letter that it plans to reissue affected debit cards over the coming weeks and in the meantime said employees at its 5,600 branches would help those who need more cash. Many branches will stay open late if needed, the letter said.
Debit cards, unlike credit cards, typically require customers to enter personal identification numbers when they make purchases at store check-out counters. Initial reports of Target's security breach said data may have been taken through devices at its counters.
Debit cards are used to spend money that has been deposited in checking and other demand accounts at banks.