Last year’s Target Corp. consumer data security breach affected more than 8% of debit cards and nearly 4% of credit cards, with the average loss to banks amounting to $331 per debit card and $530 per credit card, according to a new survey by the American Bankers Association.
Tens of millions of cards were reissued in response to the hacking attack, the ABA said, causing particularly heavy costs for community banks. Those with under $1 billion in assets spent an average of $11.02 to reissue a debit card and $12.75 to reissue a credit card. That compares with $2.70 and $2.99 respectively for banks with more than $50 billion in assets, which enjoy economies of scale.
“These costs are deeply troubling for all banks, especially for community banks,” ABA President and CEO Frank Keating said in a statement. “As each new retailer breach occurs, these costs will be repeated over and over. Enough is enough.”
The association surveyed 535 banks, 75% of which were in the community bank category. The average loss per debit card for community banks was $342 and the average loss per credit card was $399.
The survey also presents anecdotal evidence of the more intangible costs of the Target breach. One community bank told researchers that its call center was “swamped for several weeks, impacting our ability to provide normal servicing” and, with the news media spreading misinformation, “a very large number of customer conversations occurred even if the card was not compromised.”
Some accounts were lost when customers failed to activate replacement cards, the ABA reported, and banks “also experienced loss of revenue due to legitimate point-of-sale declines related to heightened fraud strategies.”
The report did not cover reimbursement for the Target hack, but the ABA noted that only one third of banks reported receiving any reimbursement for fraud losses and reissue costs in the previous five years. Of those that did receive reimbursement, 83% said they received less than 10 cents on the dollar — and 46% reported receiving not even a penny on the dollar.
“These findings make it clear that banks bear too much of the cost of retailers’ data breaches,” Keating said.
Source: Target Breach Impact Survey