A new report out today on Target's data breach says the malware that infected Target may also have affected a "large number" of other retail information systems.
The way the identity thieves accessed the information is new and any retailer could be vulnerable.
The malicious Russian software that was able to get the information of some 110 million customers was attached onto the cash register system. When payments were authorized, card numbers had to be decrypted, and the malware that couldn't be detected, was able to identify and steal the information.
"It's extremely clever; there are brilliant people out there. It's unfortunate they're using it for this, but it's absolutely clever," Colin Tracy said.
Colin Tracy is a web developer. He helps his fiancé, boutique owner Chelsea Pickner with her store's payment system.
"It kind of scares you to think maybe it can happen to anyone, anytime and you might not ever even know about it," Pickner said.
Pickner doesn't think small businesses will be as vulnerable, because there aren't as many card numbers to steal as with major merchants. But she has noticed a change in her customers shopping habits.
"Recently we have seen more cash being used so maybe that's what people are going to start doing, instead of credit cards, swiping that all the time, they'll go to the bank, get cash out of the ATM," Pickner said.
It hasn't stopped shopper Emily Engfelt from using her credit cards though.
"I've had my identity stolen before and it was a pain, but it didn't take too long to get my money back. It's hard to believe that people would go out of their way to steal other people's money like that and that it's so easy to do," Engfelt said.
Until changes are made in the payment card system, that's something consumers may just come to expect.
"Technology keeps improving, smarter on one end, smarter on the other end," Tracy said.
One of the biggest questions remaining is who is responsible for this malware that stole millions of customers’ information. The latest report says that is simply part of the latest government investigation.
Visa has said it plans to move to the more secure chip and pin system for credit and debit cards by 2015. But that will require a lot of infrastructure change at stores.