Card Replacements Increase to 17.2 Million in Response to Target Breach

February 6, 2014

Breach Costs Continue to Mount, while Retailers Deflect Blame

Washington, D.C. (February 6, 2014) – In response to the recent data breach at Target, the Consumer Bankers Association’s (CBA) member banks have proactively responded by reissuing over 17.2 million debit and credit cards to date at a cost to them of over $172 million. This is an increase from the initial round of 15.3 million card replacements by CBA’s members. 

“When retailers say this data breach come at no cost or liability to consumers they are right - because its banks and card issuers who are on the hook often at little or no cost to retailers like Target. Retailers should recognize the costs of data breaches snowball with time and they should take responsibility when they are at fault,” said Richard Hunt, president and CEO of the CBA. 

Key Facts: Target Data Breach

CBA Member Cards Replaced17,206,844
CBA Member Card Replacement Costs$172,068,440
Target Customers Affected110,000,000
Target Customer Cards Compromised40,000,000

The cost to replace each card comes to an average of $10.00. With a total of 17.2 million cards replaced, CBA’s members have spent over $172 million responding to the Target data breach alone. According to data collected from CBA member banks, the average cost to replace a credit or debit card includes: the card itself, informing consumers of a card reissuement, shipping and activating the card, and often supplemental communication via call centers and the internet.

These numbers do not take into account any fraudulent activity which may have occurred or may occur in the future. Fraudulent activity would push the cost of the Target data breach to the industry much higher, as consumers would not be held liable.

In response to the Target breach and others, CBA has joined fellow financial services trade associations in signing a letter outlining several recommendations for policymakers to help strengthen the payments system and better protect consumers in the event of a breach:

  1. Establish a national data security breach and notification standard. We believe that legislation should be enacted to better protect consumers by replacing the current patchwork of state laws with a national standard for data protection and notice. A good example of this is the Data Security Act of 2014 (S. 1927) introduced by Senators Tom Carper (D-DE) and Roy Blunt (R-MO).
  2. Make those responsible for data breaches responsible for their costs. Financial institutions bear the brunt of fraud costs. An entity that is responsible for a breach that compromises sensitive customer information should be responsible for the costs associated with that breach to the extent the entity has not met necessary security requirements.
  3. Better Sharing of Threat Information. Unnecessary legal and other barriers to effective threat information sharing between law enforcement and the financial and retail sectors should be removed through private sector efforts and enactment of legislation. For example, one such private sector effort is the expansion of membership in the Financial Services Information Sharing and Analysis Center to include the merchant community. No one organization or sector alone can meet the challenges of sophisticated cyber-crime syndicates, so robust communities of trust and collective protection must constantly be developed.

About CBA

The Consumer Bankers Association (CBA) is the trade association for today's leaders in retail banking - banking services geared toward consumers and small businesses. The nation's largest financial institutions, as well as many regional banks, are CBA corporate members, collectively holding two-thirds of the industry's total assets. CBA’s mission is to preserve and promote the retail banking industry as it strives to fulfill the financial needs of the American consumer and small business.