Buying 00000000 trouble: retail data breaches leave consumers feeling insecure.

• Author: Sutherland, Spencer

It's hard to remember a time when the internet wasn't everywhere--on our phones, our TVs, our cameras; in trains, restaurants and car repair shops. Back in the "old days" of the internet--think the early '90s--the web was just a novelty to many, while others believed it was a passing fad. Sure, it was great for sending emails or chatting with far away friends and family, but it wasn't used for anything too serious. Making a purchase on a website seemed risky, and online banking--where you trusted all of your financial information to be safe on a computer--was virtually unheard of.

Obviously, times have changed. In 2013, more than 190 million Americans made a purchase on the internet. Many consumers have decided online shopping is much easier and far less time consuming than driving to a store, finding the product they want and waiting in line to pay for it. And with the recent outbreak of data breaches at physical retailers ranging from Target to The UPS Store, it seems like online shopping might be safer, too.

But before you trade in your grocery store rewards card for an Amazon gift certificate, it's important to understand that personal data can be compromised no matter where you shop, which is why it's important to always take proper safety measures. So far in 2014, the United States has seen 505 data breaches that have affected more than 17 million people, according to the Identity Theft Resource Center.

To Swipe or Not to Swipe?

Though physical retailers are taking much of the media scrutiny for security breaches (not to mention facing the financial consequences--Target's data breach cost the company an estimated $148 million in profits), the data wasn't really compromised in the store.

"Once you swipe your card, your information gets transmitted--but it also gets stored," says Matt Might, associate professor at University of Utah's School of Computing. "Once it gets in a database somewhere, if someone can gain unauthorized access to the database, they can steal the contents, including credit card numbers and personal information."

In Target's case, an HVAC company was given access to the retail chain's database so it could remotely log in and perform efficiency updates to the store's cooling system. After stealing an HVAC worker's credentials, hackers were able to get into the database, install malware, and compromise the data of more than 70 million Americans.

When you swipe your credit or debit card at the register, it's impossible...