That yet another major retailer was hacked, as happened last week when Target announced that as many as 40 million credit and debit cards used from November 27 until December 15 at its stores (one wonders why it took the retailer three weeks to realize/announce what was happening) had been "compromised", is no surprise. What was a big surprise is the action one major financial company took in response to the mega hack. The company in question was JPMorgan, and what it did was to tell customers whose debit cards had been used at Target stores during the period in question, that it was limiting use of their cards to cash withdrawals of $100 and purchases to $300 per day.
However, what is perhaps most surprising is the sheer number of cards with spending caps: The new limit effects roughly 2 million accounts, or roughly 10% of Chase debit card accounts, according to a bank spokeswoman.
So with millions of Americans blocked from bulk purchases just in time for Christmas, will the Census department be forced to "seasonally adjust" December retail sales data substantially higher to "pro forma" what spending would have been net of computer hacks?
"We are taking additional measures to protect Chase accounts from the Target breach, and our branches and call centers are there to help these customers," a Chase spokesperson said.
Reuters adds that the bank said in the letter that it plans to reissue affected debit cards over the coming weeks and in the meantime said employees at its 5,600 branches would help those who need more cash. Many branches will stay open late "if needed," the letter said.
Target is working with the Secret Service as well as a forensics unit at Verizon Communications to investigate the breach, which lasted from Nov. 27 until Dec. 15. The company is working to set up a year of fraud protection monitoring for customers affected, Target spokeswoman Molly Snyder said on Saturday.
Typically, banks are responsible for financial losses tied to fraudulent transactions, though in some significant cases that responsibility may be passed on to the merchant. After a similar data breach at discount retailer in 2007, that company agreed to pay $65 million to Visa Inc. and MasterCard Inc. to resolve potential claims by banks that lost money.
On Saturday, Target said it is continuing to help customers obtain credit reports and change pin numbers on their cards to guard against potential fraud.
The security breach raises concerns that Target might lose sales during the final days of the important year-end holiday shopping season. Target offered customers at its U.S. stores a 10% discount this weekend, a move aimed at drawing customers back to its outlets.
Well, it may not be Cyprus where the capital controls and spending caps resulting from the March near-death experience of its financial system will remain forever a long time; instead what it is is a partial form of capital controls resulting from a "security breach", whereby the bank whose obligation is to prevent fraud retroactively, instead imposes blanket proactive spending limits on all. Luckily, such trial computer hacks (and the Syrian Electronic Army has yet to be blamed) will never take place across the entire financial system, usually just in time when there is a wholesale demand of deposits, if only by that part of the population that stil has cash held at zero interest deposit accounts.