The Target data breach has so far cost US banks over $172 million in re-issued plastic cards, according to figures from the Consumer Bankers' Association.
The cost to replace each card comes to an average of $10.00, with a total of 17.2 million cards substituted so far by CBA members. According to data collected from CBA member banks, the average cost to replace a credit or debit card includes: the card itself, informing consumers of a card reissuement, shipping and activating the card, and often supplemental communication via call centres and the internet.
Richard Hunt, president and CEO of the CBA, says: "When retailers say this data breach come at no cost or liability to consumers they are right - because its banks and card issuers who are on the hook often at little or no cost to retailers like Target. Retailers should recognise the costs of data breaches snowball with time and they should take responsibility when they are at fault."
He says the numbers published by CBA do not take into account any fraudulent activity which may have occurred or may occur in the future. Fraudulent activity would push the cost of the Target data breach to the industry much higher, as consumers would not be held liable.
A recent analysis by Jefferies suggested that Target could be on the receiving end of a $1 billion breach bill from the payment cards industry, working on the assumption that 4.8 million to 7.2 million of the 40 million cards affected by the breach could see fraudulent activity.
CBA has joined fellow financial services trade associations in urging policymakers to enforce tougher standards, including the establishment of a national data security breach and notification standard, a shift in liability to retailers, and better sharing of threat information.