The data breach of Target Corp.’s payment system last week has reached Wichita area banks and their customers, bank officials said Monday.
Intrust Bank on Friday sent e-mails to customers who the bank thinks used their Intrust debit and credit cards at a Target store between Nov. 27 and Dec. 15. Intrust is in the process of issuing new cards, said Tom Morrison, the division director who oversees Intrust’s operations and technology, and on Monday was following up the e-mails with letters to affected customers.
Morrison would not say exactly how many customers of the $4.1 billion bank were affected.
“I think it’s safe to say that we are ranking this as probably the second-largest single event we’ve had to face with our customers,” Morrison said.
Trish Minard, president of much smaller Southwest National Bank, said the breach has affected 500 of the $432 million bank’s customers and employees.
Minard said she thinks it could be “well after Christmas” before her affected customers receive their new cards, because the breach is so large that “every bank is probably hitting card issuers saying, ‘Give me the (new) cards now.’”
Officials at Commerce Bank said “it’s way too early” to know how many of its customers were affected. And a Fidelity Bank spokesman said he didn’t yet know how many customers of the $1.5 billion bank were affected.
Minard said she worries that the Target data breach – estimated to have affected 40 million customers – could result in a financial loss for her bank before it’s all over.
“The bank takes the loss, not the customer,” she said of any fraudulent charges made on Southwest National cards that may have been compromised.
Minard and other bankers said sometimes banks get compensated for losses in events like this, but the compensation is typically “a fraction” of the money a bank loses.
She said she doesn’t know yet of any fraudulent charges made on the bank’s cards.
The event and threat of financial loss has prompted her bank to place daily limits on how much money Southwest customers affected by the breach can spend or withdraw using their debit cards.
On Saturday, Reuters reported that JPMorgan Chase & Co. had notified customers whose debit cards were affected that they were limited to $100 a day of cash withdrawals and $300 a day of purchases with their debit cards.
Minard didn’t disclose details of Southwest’s limits but said they were higher than Chase’s limits.
Equity Bank was also placing daily limits on cards affected by the breach, said executive vice president Jennifer Johnson.
The breach at Target affected credit and debit cards, but most banks are placing limits only on debit cards.
“Hopefully we find a healthy balance” between the needs of customers and the desire of the bank to minimize the impact of fraudulent spending, Johnson said.
An Intrust spokeswoman said the bank has not placed any daily spending limits on the cards of its affected customers but is monitoring their accounts closely for any potential fraudulent charges.
All of the bank officials said the stealing of credit and debit card information for fraudulent purchases and withdrawals is a daily occurrence, and that the potential for financial loss to a bank is “the cost of doing business.”
“Unfortunately this happens all too often,” said Carl Bradbury, Commerce’s director of consumer card products. “There are probably 10 or 20 other compromises going on right now. For us, it’s this sort of rolling wave activity that never stops.”