The huge data heist that hit Target stores over the holidays may be part of a larger scam.
The federal government alerted other retailers that other companies have likely been infected with the same malicious software ripping off customers' sensitive information.
"The malware we're talking about is called a RAM scraper and was installed directly on the point-of-sale devices and was able to read the information on the magnetic strips on those cards," said Kevin Kjosa, assistant director of the Center for Infrastructure Assurance and Security at UTSA.
Angelica Jones said her debit card was compromised in the holiday Target attack.
"I would love to think twice, but you have to use your card," Jones said. "I'm not going to pull out cash every time I need to buy something."
Cash may not be the most convenient way to pay, but it is the most secure.
"Plastic tends to be the easiest mode of paying the vendor, but we have to ask ourselves, 'How much do we want to expose our checking account to any vendor; any merchant, for that matter?'" Kjosa said.
When paying with plastic, the more barriers the better, he said. With a credit card, you use the bank's money first, then reimburse the credit card issuer. But with a debit card, it's a straight shot into your checking or savings account.
"Shoppers have to weigh the risks of using debit cards versus credit cards," Kjosa said.
Banks have been swamped reissuing new cards to millions of customers. So are shoppers more secure with new accounts and PINs?
"We are more secure from the current attack," Kjosa said. "There's always tomorrow."
Target Corp. is offering free credit monitoring through Experian for one year. Target emailed customers this week.
The retailer has warned customers to beware of other scammers pretending to be working in connection with the Target hack.
"Always trust, but verify," Kjosa advised.
Customers are advised not to click on any link in emails they are not certain are safe, but go to the website directly.