Customers paying the price after Target breach

January 3, 2014

Kayla Tauche

Three weeks after news broke that 40 million accounts of Target shoppers were breached in a widespread hack, some customers of smaller banks are beginning to feel the repercussions.

Nate Johnson, 26, of Gowrie, Iowa, got a notice from Security Savings Bank this week that it would be blocking all customer transactions. The decision to block all transactions came from "recent fraudulent activity occuring [sic] on customers' compromised cards," according to the bank's message.

Johnson, who manages a sporting goods company, has found himself in a precarious position.

"I'm basically relying on my checkbook," Johnson told CNBC, saying he used a check to fill up his gas tank at Casey's General Store on New Year's Day. For stores that no longer accept local checks, he's had to use cash he stockpiled from a visit to a local bank branch.

Customers have "zero liability" on most debit accounts, but there are questions about which party—the bank in question, Target, or industry authorities—will ultimately be found liable. (A Target statement at the time the breach was disclosed only sought to reassure guests they would not be held financially responsible.)

Citigroup and Wells Fargo, for instance, have been monitoring accounts for fraudulent activity on a case-by-case basis but have stopped short of initiating customer-wide policies.

Of the country's largest banks, only Chase has taken similar actions on customer accounts to thwart potential fraud. Chase has clipped spending by affected debit customers to $250 at ATMs and $1,000 on purchases—and banned any debit usage overseas.