JPMorgan Chase is strictly limiting the debit card use of shoppers who used Chase debit cards at Target during the retailer's recent data breach, which took place November 27 to December 15.
The two million Chase customers affected will be allowed to withdraw only up to $100 a day and make purchases totaling $300 a day, according to news reports in Reuters, the Wall Street Journal and NBC News, which had obtained letters the bank sent to customers.
The bank declined to answer American Banker's questions about this development. It shared a statement saying a third of its branches were open Sunday to help customers affected by the Target breach who needed more cash than the $100 permitted.
On its website, the bank did acknowledge that some Chase debit card and Liquid card customers would experience temporary limits on cash and purchases until the bank could replace their cards.
Meanwhile, Target shared some new information about the breach on Saturday, including this statement: "There is no indication that PIN numbers have been compromised on affected bank issued PIN debit cards or Target debit cards. Someone cannot visit an ATM with a fraudulent debit card and withdraw cash." Asked to explain Chase's decision to limit ATM withdrawals in light of this update, a Chase spokesperson said, "We don't have any further comment."
On its website, the bank said all the affected cards have "Zero Liability Protection," meaning customers are not liable for unauthorized transactions they report to the bank. It also said it is using sophisticated fraud-monitoring tools to review account transactions and detect unusual spending and ATM patterns. Chase credit cards are not affected, the bank stated.
All told, the data breach Target confirmed on Thursday affected 40 million credit and debit cardholders. Target has offered free credit monitoring for all impacted customers and a 10% discount to all Target card users.