But he agrees it is far more difficult to track down criminals using it, "because of the randomness, anonymity and most of all, the encryption."
To do that, he said, requires HUMINT (Human Intelligence). "It's just a matter of wasting a lot of time hanging out where the criminals or the Lulzboat people and 'carders' (people buying and selling credit card information) do."
Beyond that, he said an enterprise's anti-virus (AV) software should be able to monitor all attempts at incoming and outgoing connections. "If it ain't on the list of known and safe, then don't let it communicate. How hard a concept is that?"
But he and others agree that it may get worse before it gets better, and that the high-profile breaches at the end of last year may indeed just be the "tip of the iceberg."
"As long as consumers are able to pay by merely showing a sequence of numbers, and as long as that information is aggregated in POS terminals or, even better, in online transaction systems, these will be attacked," de Boer said.
"As long as security is a fight between convenience and lockdown, then it's not going to get any better," McAleavey added. "Especially now with all those abandoned XP machines out there or older. And same goes for those stuck with old versions of OSX that can't be upgraded because the hardware is obsolete."