The Target data breach, which happened at the utterly worst time for the big retailer, is only the highest-profile example of the threats lurking within the drive to make Point of Sale (POS) transactions more convenient. Many consumers burned by data breaches are now far more likely – and justifiably so – to use a much cruder phrase in connection with that acronym. So we just might be at a tipping point where it becomes more cost-effective to address the problem of vulnerability than to rely on minimum standards of security and hope for the best.
The take-home lesson from a Jan. 28 conference on data security, held in New York City and sponsored by the Online Trust Alliance (OTA) with support from the metro Better Business Bureau, was that the majority of breaches have been crimes of opportunity, unpreventable by technology alone. Such human errors as emailing sensitive documents to the wrong recipients, putting them on laptops or data-storage devices that circulate outside a company’s intranet, or outsourcing data storage to service providers are raising the risk profile for both banks and businesses. In the Target case, stolen electronic credentials gave hackers a way in.
OTA’s analysis of nearly 500 data breaches in the first half of 2013 revealed that fully 89 percent could have been avoided through the implementation of simple controls and security best practices. That’s consistent with past research published by Verizon showing that such practices would have helped prevent up to 97 percent of data breaches in 2011.
Adding to the human-error problem are the varying compliance requirements of different states and jurisdictions. So companies that do business in multiple states face a real compliance challenge. And they’ve got to raise the bar to meet customer expectations around timely reporting of data breaches.
Then, there are the banks. The last thing they want is to be the bearer of bad news – that they’ve had to cancel and replace customers’ bank-held credit and/or debit cards because of a data exposure on the part of a retailer or other third party. Customers in this situation have to deal with declined card transactions until they can provide all the entities with which they do business with new card information.
So, the much-vaunted chip technology widely adopted overseas won’t solve all the transaction problems that are lurking out there in the age of Bring Your Own Device.
We’re just at the Maginot Line of convenience meeting vulnerability in the new age of tech. For those who don’t want to Google this, the Maginot Line was a fortification established in the 1930s by the French to provide time for the army to mobilize in the event of an attack by Germany. It did prevent a direct attack, but the German army ran around the line and defeated France in about six weeks. It became the symbol of the adage that generals always fight the last war. So here we are. Good technology and good practices will both be needed to fight the next war.





