Target (NYSE:TGT) isn’t the only company doing damage control following reports that the big-box retailer suffered a security breach in which data from as many as 40 million credit and debit cards were stolen. JPMorgan Chase (NYSE:JPM) announced shortly after news of the breach broke that it would be limiting the the amount of cash that Chase debit card holders could withdraw at ATMs, as well as the amount they could purchase using the card, in a single day.
Target confirmed that it had been made “aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores” on December 19, but the security breach occurred between November 27 and December 15. Target will bear the brunt of the financial and reputational damage related to the breach, but depending on the circumstance banks like Chase can be on the hook for losses that result from fraud.
Like many other banks, Chase has a zero-liability fraud agreement, which means that it could be responsible for refunding debit card holders if money is fraudulently withdrawn from their accounts. Due to this, Chase limited the amount of money that a debit card holder could withdraw from an ATM to just $100, and the amount they could spend using the card to $300.