Such detection is harder when a stolen card is used within the area where the card is typically used.
"Whoever is behind this breach appears to have a tremendous amount of not only technical, but also retail operations and payment industry knowledge. This could indicate someone who has previously worked in the retail payments industry." Huguelet said.
Gartner analyst Avivah Litan said that card issuers and others have to significantly ramp up fraud detection capabilities to deal with the new threat.
"It's very significant because it shows how sophisticated the criminals are," Litan said. "They are trying to avoid being spotted by fraud detection systems that check the location of a transaction against the individual's home zip code and the location of that individual's most recent transactions."
This level of sophistication, combined with the sheer large volume of active cards that were compromised, makes fraud detection far more difficult, Litan said. "Companies will need to beef up their fraud detection capabilities and strategies to overcome the criminals' tactics, which is not a simple task and which does not happen overnight," she said.
Major data breaches often have provided a window into the systemic weaknesses exploited by cyber criminals to infiltrate networks and to profit from data theft.
The 2007 breach at TJX Companies, in which hackers accessed data on 45 million credit and debit cards, showed how easily a poorly protected wireless network can be exploited to gain access to a payment network. Massive data compromises at Heartland Payment Systems and Hannaford Brothers in 2009 hammered home the dangers of SQL injection flaws in Web application software.
Sign up for CIO Asia eNewsletters.