SAN FRANCISCO — Target may have been an easy bull’s-eye for criminal hackers intent on stealing credit card information, but the theft of records for 40 million store customers was hardly the worst security breach among big retailers in recent years. And the incident revealed on Thursday is unlikely to be the last.

Security experts say the Target hack is a reminder of security problems facing many retailers that won’t easily go away: There are weaknesses in the way payment information travels between retailers and banks. There is plenty of money to be made on the black market selling stolen credit card numbers, which can go for as little as a quarter or as much as $45 each. And American companies have been reluctant to adopt smart-chip cards, a type of credit card widely used in Europe that provides better security.

Target said that from Nov. 27 to Dec. 15 hackers stole customer names, credit or debit card numbers, expiration dates and three-digit security codes for 40 million customers who had shopped in its stores. It is currently working with a forensic team from Verizon to investigate the breach, according to one person involved in the inquiry. But there was no word as to who was behind the attack, how they got in, or what the total cost to Target may be. Thursday, visitors to the retailer’s website found a site festooned in red and green save for a stark black-and-white security notice at the top. Complicating matters, Target was hit during the holiday shopping season, when fraud detection systems have a hard enough time telling legitimate transactions from fake ones.

“This is the perfect storm” for vulnerability to hackers, said Paul Kocher, president of Cryptography Research, a company that develops technologies to prevent fraud.