JPMorgan & Chase Co are limiting how much money their customers can spend on a daily basis because of the data breach at Target over the 2013 Back Friday shopping event.
Cash and debit card spending limits are being implemented on 2 million debit card holders because those customers are suspected of having shopped at Target during the time period in question.
JPM is considering issuing new debit cards to those customers who were directly affected by the data breach.
Chase customers will be limited to $100 daily withdrawal from ATMs.
Debit card users will see $200 – $500 daily limits as well as $500 daily purchase limit.
Customers are encouraged to come into their local branch to withdraw more cash if necessary; however that too is limited to $300 per day.
The new rules will take a few weeks for full implementation. With issuing new cards, JPM recommends that “about half of its 5,600 branches in 23 states can issue new cards on the spot for customers who want the limits lifted faster.”
Due to this new change, JPM “decided to open about a third of its branches on Sunday, when they were normally closed, to help affected customers.”
Because an estimated $40 million was allegedly stolen due to the data breach, JPM does not want to take chances with customers – thereby installing controls on customer funds.
Target Corporation has offered in-store shoppers a 10% discount over this past weekend for having their person information stolen.
Ken Perkins, founder of Retail Metrics commented : “Given how deep discounts have been across the retail landscape this holiday season, I don’t know if that moves the needle that much. Twenty percent might have drawn serious interest, but 10 percent? I don’t know.”
Other banks such as Bank of America (BoA) and Citigroup are taking precautions to monitor and control cash flow from customer accounts using the Target incident as justification.
Earlier this week, Target Corporation had a security breach during this year’s Black Friday in which “millions of customer credit and debit card records” were stolen.
Brian Krebs, computer security expert, stated: “I’ve heard from five different people at five different banks, and the banks are being tipped by the card companies. At least two major card issuers [banks] said hundreds of thousands of cards had been compromised, and there are dozens of card issuers, so that adds up to millions of cards.”
This problem “extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores.”
Krebs explains: “The type of data stolen — also known as track data — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.”
Analysts have concluded that the breach occurred on Black Friday and continued into the middle of December affecting “an unknown number of Target customers who shopped at the company’s main street stores during that timeframe.”
Target collects data on customers, including:
• Date of birth
• Social security number
• Driver’s license number
• Credit card information
• Email address
By installing malware into the system, “or persuaded an unsuspecting employee to click on a malicious link that downloaded malware that gives cybercriminals a foothold into a company’s point-of-sale systems.”
Technology has afforded retailers the ability to track customers through mobile phones, work computers and even while in line at the register.
Holiday shopping is proving to be a massive data mining endeavor with signups for loyalty cards that collect data on customer behavior.
The private information available to retailers from customer loyalty cards can include:
• Zip codes
• Home/employment addresses
• Personal income
• Insurance expiration
Retailers claim that this information derived from monitoring the public can “determine exactly what kind of buyer [the customer] might be and how much [the customer is] willing to pay” for products.
Mailing lists can ensure that retailers can install cookies into customer’s computers to watch their movements online with provisions for ‘relevant pop-up ads” marketed to specified potential customers.