As the impact of Target's data breach continues to widen, banks that have been slow to reissue cards may be spurred to action.
On Friday, Target acknowledged that its shoppers' personal identification numbers may have been stolen during its recent data breach, which affected about 40 million of the retailers' customers. Target had previously insisted that the PIN data was encrypted and that customer accounts had not been further compromised.
The news may test the patience of the many banks that have taken a wait-and-see approach to dealing with the fallout from Target's breach.
Forty-two percent of American Banker readers said their institutions had not yet reissued cards to customers affected by the breach, and would issue new cards only if they detect suspicious account activity in a customer's account. Forty-eight percent, meanwhile, said their banks would reissue cards because that's the best way to protect affected accounts from fraud. A small number -- 10% -- said the expense, time and inconvenience of large-scale reissuance made it prohibitive.
Even the largest card issuers have diverged on the best way to respond to the Target breach. JPMorgan Chase said it would tighten limits on cash withdrawals and purchases for customers whose data may have been stolen. Other large banks, including Bank of America (BAC) and Wells Fargo (WFC), are tracking their customers' accounts to detect suspicious activity, but have not begun reissuances on a wide scale.
Citigroup (NYSE: C), meanwhile, has been cancelling and reissuing cards for accounts that show signs of fraudulent activity. BBVA Compass, in Birmingham, Ala., said it would reissue cards to all customers affected.