Time and money, say experts. It takes time for companies to rebuild point of sale systems more securely and shift from magnetic stripe credit and debit cards to more secure chip cards. They need money to hire tech staff to secure those networks, money to buy software to do the securing and money to buy new, encrypted point-of-sale machines.
"It's expensive and complicated to get systems to up the point they're really hardened against these kinds of attacks," said John Miller, manager of threat intelligence for FireEye, a large cybersecurity company.
Proportionally, attacks on point-of-sale systems (as modern cash register systems are called) are down, according to the 2017 Data Breach Investigations Report by Verizon. This year they've made up just 6.7 percent of overall breaches tracked by the company, down from a high of 45.4 percent in 2011.
Even so, there are still lots of these thefts, in which criminals insert malicious software into a company's point-of-sale (POS) system. The malware surreptitiously records credit and debit card information when customers swipe them through payment terminals. It later sends the card information to the thieves, who sell it on the Internet underground, known as the dark web.
These breaches continue to cause retailers and their