The December data breach at Target could end up affecting as many as 110 million people and Target CEO Greg Steinhafel told CNBC he knows exactly where it happened.
"What we do know is there was malware installed in our point of sale registers," he said.
Cash registers these days are just computers, so they can be infected the same way your desktop can. But the size of the Target breach has Steinhafel thinking that it may be time to use the type of super secure smart cards that Target was pushing ten years ago.
"We were ahead of our time. We were out front of the industry, the industry didn't follow," said Steinhafel.
He thinks they may be ready now.
Smart cards have built-in chips that can encrypt all your personal information so that anyone skimming data at the register would see only gibberish.
However, as cyber-security expert Brian Krebs points out, "That doesn't prevent the bad guys from breaking in somewhere on the network that handles payment transactions and then just sniffing all the transactions they go through because it's in plain tags."
Because the information has to be de-crypted at some point so a human can read it - and that's where the crooks will look.
So what to do?
You won't be on the hook for any fraudulent purchases.
But no one's going to reimburse you for the hassle and just the heebie-jeebies you feel knowing someone is out there pretending to be you.
To be totally secure, you'd have to start going to stores that don't collect your personal information, that don't have loyalty cards, that don't try to track your buying profile so they can send you customized coupons.
You'd have to start going to smaller stores where the people know what you want because they actually know you.
And just pay cash, which, as we both know, is a crazy idea.