Large Financial Institutions Choose Mass Card Reissues in Wake of Target Breach

Navigator Edition: February 2014
By: Casey Merolla

In the wake of the Target data breach late last year that affected as many as 40 million credit and debit accounts and up to 110 million consumers, large U.S. financial institutions have been reissuing debit and credit cards in record numbers. Prior to December, the general trend in fraud prevention had been moving away from mass card reissues and instead emphasized targeted transaction monitoring and tracking. However, the high profile of the Target data breach and, in some cases, the rapid increase in fraud experience, has caused many financial institutions to make the proactive decision to reissue all (or a large portion of) affected cards.

First Annapolis conducted an informal review of top financial institutions and found that 22 of the top 30 issuers by number of debit cards are actively replacing cards. Many of these financial institutions are reissuing affected cards in both debit and credit portfolios, while others have chosen to reissue one product type and monitor others. The remaining eight financial institutions in the top 30 have taken the more traditional route of increasing fraud monitoring and tightening fraud parameters on those accounts and are replacing cards as fraud is identified or at the customer’s request. The situation remains fluid however, as issuers continue to make the decision to proactively replace cards. In the last week of January alone, both Wells Fargo and US Bank announced that they will be reissuing cards despite previous public announcements that they would focus instead on transaction monitoring.

Figure 1: Responses to Target Breach Among the Top 30 Debit Issuers


Sources: Financial institution websites, news reports, and First Annapolis primary research.

Although most financial institutions have declined to release the number of cards being replaced, the Consumer Bankers Association (CBA) reported that its members have replaced over 17.2 million debit and credit cards since the breach was first identified in December. The CBA also estimated that its members’ average replacement cost is roughly $10 per card, which includes card plastic costs, communication, shipping, activation, and call center support, for a total estimated replacement cost of nearly $172 million. Similarly, the Credit Union National Association (CUNA) has estimated that credit unions have replaced nearly 5.4 million debit and credit cards at a cost of over $30 million. Combined, these estimates indicate that over 55% of the 40 million cards compromised in the Target breach have been replaced at a cost to the issuing financial institutions of over $200 million. These estimates do not include any fraud losses associated with these accounts, so the actual costs incurred by financial institutions could be much higher.

The effects of this massive data breach and other recently announced breaches will continue to impact the payments industry, putting a laser point on the rising fraud trend in the United States. Undoubtedly, all potential fraud mitigation solutions will be back on the table for consideration during the coming year and beyond.

For more information, please contact Casey Merolla, Senior Manager, specializing in Debit and Prepaid,

To read the rest of this article, please subscribe to

The Navigator Newsletter