JPMorgan Chase & Co (JPM.N) on Saturday notified customers who used debit cards at Target Corp stores during the recent security breach that it limiting use of the cards to cash withdrawals of $100 a day and purchases totaling $300 a day.
The new limit effects roughly 2 million accounts, or fewer than 10 percent of Chase debit card accounts, according to a bank spokeswoman. It does not apply to credit cards.
The bank spelled out the limits in an email to customers with the subject line: "Unfortunately, your debit card is at risk by the breach at Target stores."
The bank said it was taking the action as a precaution and recognized that the move "could not have happened at a more inconvenient time."
Target said on Thursday that computer hackers had stolen data from as many as 40 million credit and debit cards of shoppers who visited its stores during the first three weeks of the holiday season.
Target spokeswoman Molly Snyder declined to comment on JPMorgan's action. She said she "couldn't speculate" on whether other banks issuing debit cards would take similar steps.
The bank said in the letter that it plans to reissue affected debit cards over the coming weeks and in the meantime said employees at its 5,600 branches would help those who need more cash. Many branches will stay open late "if needed," the letter said.
Debit cards, unlike credit cards, typically require customers to enter personal identification numbers when they make purchases at store check-out counters. Initial reports of Target's security breach said data may have been taken through devices at its counters.
Debit cards are used to spend money that has been deposited in checking and other demand accounts at banks. Cardholders are not liable for unauthorized transactions they report to Chase, the bank said.