Banks Want BJ's to Pay for Possible Credit Card Security Breach

BJ's Wholesale Club Inc. (BJ) Tuesday said credit card issuers want the retailer to reimburse them for up to $16 million in fraudulent credit card charges and other costs stemming from a possible security breach at its stores.

BJ's set aside $6 million to establish a reserve for claims from credit card issuers, the company disclosed in its quarterly earnings report. The move comes five months after BJ's said a possible breach of its computer systems may have resulted in credit card information theft.

In a filing with the Securities and Exchange Commission (search) Tuesday, BJ's said its credit card processor had estimated claims at $16 million, including $6 million in actual claims and an estimated $10 million for credit card replacements and monitoring costs.

David Robertson, publisher of credit card industry newsletter The Nilson Report (search), said it was unusual for credit card issuers to seek reimbursement from retailers.

"The basic model in the bank card industry is that card issuers eat fraud," he said.

Robertson said credit card issuers have been pressing retailers to improve network security and protect credit card numbers, but asking a retailer to pay up for a possible security breach was "not common."

BJ's said this year it was notified by credit card issuers that credit and debit card accounts used legitimately at BJ's were subsequently used in fraudulent transactions elsewhere.

The retailer then hired a computer security firm to conduct a forensic analysis of its information technology systems to determine whether there had been a breach. BJ's said Tuesday that no "conclusive evidence" of a breach was found.

"The company plans to vigorously contest the claims made against it (by credit card issuers) and is exploring its defenses and possible claims against others," BJ's said in its SEC filing.