As we reported previously, criminals have become increasingly adept at hacking computer systems at banks, data processors and other links in the financial chain to steal consumers’ credit and debit card data en masse.

The latest in a string of such data breaches is the report this week that charges have been filed against a team of cyber-criminals who stole more than 130 million credit and debit card numbers used by customers whose card charges were processed via computer networks operated by Heartland Payment Systems, and/or made purchases at 7-Eleven, Hannaford Brothers supermarkets and other retailers 

Another major breach disclosed in late July revealed that personal and financial data for nearly 600,000 credit and debit cardholders was stolen by hackers who intercepted financial transactions of customers making purchases from online merchants whose websites were hosted by Network Solutions, a company that provides such services for more than 10,000 small retailers nationwide. The card data was stolen during the period from March 12 through June 8, 2009.

There’s not much consumers can do to guard against such large-scale data breaches, but there’s plenty that U.S. card issuers could be doing but aren’t to prevent this kind of cyber-theft, according to Avivah Litan, an analyst specializing in fraud detection and prevention at Gartner Research in Stanford, Ct.  

Cards carrying magnetic stripes encoded with customers’ account information are still the standard in this country, but card issuers in European nations and a growing number of other countries throughout the world have switched to cards that rely on the much safer “chip and PIN” system.  To make a purchase or withdraw cash using these “smart cards”, a thief would actually have to have the chip that is embedded your card which contains a mini computer processor linked to your account information.  Some smart card transactions also may require a personal identification number. 

“If everyone were on the chip and PIN system, criminals wouldn’t be able to just steal what they need from computer servers,” says Litan.  “The U.S. banks have resisted switching to chip and PIN because they don’t want to spend the money, so instead they’ve gotten retailers and payment processors to spend more than $2 billion on upgrading their security to meet card industry standards. But  that’s a Band-Aid security solution that is clearly not working.  U.S. issuers need to bite the bullet and switch to chip and PIN.”–Andrea Rock