"(The network) should be segmented, so if a compromise does occur, the amount of damage is contained and controlled," Cole said.
Also, retailers have to stop the practice of using credit-card data for more than just completing a transaction, Kindervag said. Card data is often fed into analytic systems used by marketers to track customer buying habits.
"There's a long held culture of using the credit card number as a way of analyzing the buying habits of consumers and projecting what they might be in the future," Kindervag said.
Retailers and the marketing people who work for them have to recognize that some data is "just too dangerous to have," he said.
Overall, retailers have to approach the avoidance of data breaches the same way energy companies view oil spills, Kindervag said. "It's the most costly thing that could happen to your business."
Sign up for MIS Asia eNewsletters.