William Booe, senior vice president and chief operations officer at Peoples Bank, said that when he heard of the latest credit card breach at Kmart, his first and only reaction was, "Oh look, another breach," in a monotone.

He guessed that was probably most people's reaction.

"It has become almost a commonplace situation," he said, "and it's interesting."

Kmart experienced the latest high-profile security breach last week, joining companies such as Target, Sony, Epsilon and Home Depot that have also have fallen victim in the past few years.

In a statement released on Oct. 10, Kmart said its security experts believe the data systems at Kmart stores were purposely infected with a new form of malware that resulted in debit and credit card numbers being compromised. They did not specify how many stores were affected.

The breach is suspected to have started in early September.

Just days before Kmart made that announcement, Dairy Queen Inc. released a statement after learning of a possible malware intrusion that may have affected almost 400 locations from August to October.

Identity Theft Resource Center, a nonprofit organization, reported 614 breaches in 2013, up from the 473 it reported in 2012. According to the FBI's website, 1.2 million complaints of cybercrimes were reported to the FBI from 2010 through 2013.

Why systems are vulnerable

Mark Hodges is the director of operations at Wholesale Payments Inc., a credit and debit card processing company in Lubbock.

Hodges said that the main reason credit card information is vulnerable to hackers is because some companies, especially the larger ones, do not use the latest technology available to them because it costs so much money to upgrade the system.

He said that the payment card industry has a set of updating requirements, and it is more or less the merchant's responsibility to stay on top of those requirements.

The goal of the PCI standards is to maintain a secure network, protect card-holder data and continuously monitor the networks.

He said most, if not all, of the major security breaches are done through terminals that are not PCI-compliant, giving thieves the chance to bypass the firewall, break into the point-of-sale system and take data from the magnetic strips that are found on the back of credit and debit cards.

"We won't even take a customer that has a non-PCI-compliant terminal," he said. "We won't even download it because it puts all our customers at risk. We call them end-of-life terminals. Whenever they start to get old and don't have that firewall that protects, then we quit using them."

But Hodges said there's good news, and that's the move toward EMV-compliant cards and terminals. EMV stands for Europay, MasterCard and Visa.

Hodges said U.S. card issuers have already begun migrating toward the new technology, and the due date for merchants to be EMV-ready is October 2015, or they could face financial punishments.

The EMV cards are more secure because they contain a small computer chip, which creates a unique transaction code for each payment. This is unlike the typical magnetic strip that contains unchanging data. If a hacker were to steal data from the chip, it would be unusable because the code could not be used again.

"That's supposedly going to be the end of these data-security breaches," Hodges said. "But it still doesn't completely solve merchants that do not become compliant through their software."

Security tips for individuals

James Arnold is the executive vice president at Lubbock National Bank. He said there is not a lot individuals can do to prevent the credit card breaches, but there are some things to do that could be beneficial.

"From a consumer perspective, it's about being alert," he said, "and looking at your statement and going online and looking at your transaction history regularly to make sure there's not something out there or something fraudulent that's going on that you're not aware of."

If there are signs of credit card theft, he said, contact the bank or credit-card provider immediately and start the claims process. Another good precaution is to get a new debit card about once a year, he said, so that if someone does obtain the debit card numbers, they can't use them.

Booe advised consumers to ask their financial institution what they can do to mitigate the risks and what services are in place to reduce fraud.

For example, he said, some financial institutions contact users if something does not fall into the "normal" pattern of spending.

It also helps to use strong passwords and never give out sensitive information to unknown persons or websites.

matt.dotray@lubbockonline.com

• 766-8744

Follow Matt on Twitter

@MDotrayAJ