Does the U.S. have enough protection against credit card theft?
After an estimated 70 million to 110 million people were affected by retailer Target's data theft at the end of 2013, Paul Viollis, CEO of security consulting firm Risk Control Strategies, said the breach is an example of the lax approach taken in the United States to prevent credit card theft.
"The question, 'What went wrong,' I think dials us back to what is the level of protection that we, as Americans, have placed inside corporate America," Viollis told CBS News in an interview from his office in New York City.
Stealing credit card information is not simple, but Viollis explained that the organized crime groups behind these thefts are very well-trained.
"They are extremely intelligent, they are well-funded, these are extremely, extremely bright people so they have made it look easy but it really isn't that easy," he said.
Still unknown in the Target case is how the malicious software that was used to carry out the theft got into Target’s computer system and how hackers entered Target's system. One security expert believes it started with a malware-infected email sent to employees at an HVAC firm based in Sharpsburg, Pa.
The U.S. is an easy target, explained Viollis, partly because banks and retailers have been reluctant to make the switch to "Chip and Pin" cards, such as the ones in Europe which store your data on an encrypted microchip that’s hard to copy and requires a pin number instead of a signature.
Experts believe this obstacle makes it more difficult for criminals than forging signatures.
Credit card companies, including American Express and Visa, say they have plans to introduce more secure cards, but retailers also have to get on board and change their card readers.
In the meantime, Viollis shared some advice on how individuals can protect themselves from credit card theft.
"Don't send things from home over a basic router, avoid plugging into hotspots, avoid plugging in anywhere with respect to wireless because understand it carries minimal to any encryption, and can easily be penetrated," said Viollis. He also warned of small card-reading devices placed directly above pin pads at ATM machines that can be used to steal data.
"That device, unless you really know what you're looking for, is not detectable, and once people put their card in, it records all that information," he explained.
"One minute you're having dinner in New York and two hours later your card is being used in Hong Kong," said Viollis.
