In 2005, it happened at TJX Cos. In 2008, it happened at Hannaford. Earlier this month, it happened at Target.

Customers’ credit and debit card numbers (and more, in Target’s case) were stolen by computer hackers, who use the information to make fake cards, resell the data on the black market or run up fraudulent charges. The Target data theft could wind up being one of the largest in history, affecting about 40 million people, likely including thousands who visited the retailer’s stores in Maine.

In the wake of massive breaches like these, security experts make a point of urging consumers to notify their banks, monitor their statements and watch for unauthorized transactions. They’re good suggestions, but they miss the bigger picture: Weak security makes it far easier to commit credit card fraud here in the U.S. than it should be.

Retailers, banks and credit card companies don’t want to foot the bill to make things safer. So though there’s talk of implementing voluntary preventive measures, don’t expect the situation to shift in the consumer’s favor any time soon.

Turn over your credit or debit card, and you’ll see a magnetic strip that stores account information, such as your name and account number and the card’s expiration date. This 1960s-1970s technology makes U.S. cards easy to copy. In most other countries, digital chips on the cards hold the account information. Since the chip is tough to replicate, criminals generally don’t bother doing so.

Why hasn’t the chip system been implemented in the U.S.? Probably because it calls for U.S. banks, retailers and credit card issuers to replace the 1 billion magnetic-stripe debit and credit cards now in circulation and put in place new processing systems. Only about 5 cents is lost to fraud for every $100 in credit and debit card transactions, so the chip shift isn’t seen as worth the cost.

By October 2015, the picture could brighten, say optimists: That’s the deadline set by major credit card companies for U.S. retailers to embrace smart cards. After that date, stores that process fraudulent sales from magnetic-stripe cards could get stuck with the losses.

But others say 2018 is a more realistic time frame in which to expect change, especially considering that it costs about four times as much to make a smart card as it does to make a magnetic-stripe one. And an expert is even more pessimistic: “Ten years from now, we’re still serving up magnetic-stripe cards,” David Robertson, publisher of a newsletter that follows the industry, recently predicted.

We’re relying on industry to make the chip switch voluntarily, but none of the major players has any real incentive to make credit cards safer. For the foreseeable future, then, expect the burden of protecting consumer safety to remain with the consumer.