Are credit cards hopelessly insecure?

A reality check in the wake of the massive Target data breach


We’ve become almost blasé about mass privacy breaches these days. Yet the news of 40 million card accounts nabbed from Target points of sale during the height of holiday shopping was still a jaw-dropper.

Target has of course absorbed a great deal of criticism since then, and it was hit by the inevitable class action lawsuits. Some of these complaints may eventually prove warranted — we still don’t know how exactly the Target thieves worked — but the truth is that even merchants doing absolutely everything right on the card security front have been subject to thefts of this sort.

The sheer scope of the Target breach commanded headlines, but big data breaches actually happen all the time, usually under the radar. We aren’t likely to be safe from them anytime soon — regardless of where we shop and how seriously a given merchant takes payment security.

There are four main reasons why your credit or debit card information is vulnerable anywhere you swipe plastic today:

  1. Motivated, sophisticated hackers will always be one step ahead of the institutional security that underpins mass payment systems.
  2. There are well-known weaknesses in the way card payment information travels between merchants and banks.
  3. Demand for stolen card data on the black market is robust, so the theft can be incredibly lucrative.
  4. American payment processors and politicians have been painfully slow to adopt the EMV “smart card” microchip standard that’s now common globally — and far more secure.

Given this, if you’re an American consumer who cares about your card data security and wants to avoid becoming a victim yourself, it’s simply a waste of time to point fingers at Target right now.

So short of paying with cash everywhere you go, what can you realistically do to protect yourself from debit and credit card theft of this sort?

Credit monitoring won’t cut it

Shortly after acknowledging the mass theft, Target announced it will soon offer a free credit monitoring service to affected cardholders. Target has yet to define the exact structure of this program, but the credit monitoring will likely come from one of the three large providers: Equifax, Experian or TransUnion.

This is a well-intended effort from Target, which has generally responded responsibly to the breach, but anyone who’s familiar with card fraud understands that it won’t actually help anyone right away. Credit monitoring services don’t function on the transaction level, so if someone actually uses your credit card in the period soon after it’s stolen, the credit reporting agencies simply won’t notice it.

Credit monitoring services would notice someone trying to issue a new credit card in your name, and they’ll try to track your card number on the black market, but they have zero visibility into specific transactions. And it’s those fraudulent charges that you need to be on the lookout for right after a security breach.

In cases like this, the thieves — or those to whom they sell card data — generally don’t try to open new accounts in victims’ names right away. They prefer first to validate that the card is still active by making small charges that usually go unnoticed by the cardholder, since a validated active card commands a much higher price on the black market. Alternatively, the crooks will make big charges for valuable hard goods right away, before the cardholder even knows what hit them.

What actually will work — right now

Unlike credit monitoring services, a transaction monitoring network such as ours at BillGuard begins working to protect victims right away (full disclosure: I’m head of marketing at BillGuard).

When the news broke on Thursday morning, December 19, we were the first to notify actual Target customers who may have been affected. 32,000 BillGuard users with Target charges during the danger period received a personal notification that day that they should immediately be on the lookout for unauthorized charges on their card.

Those BillGuard users have since been actively flagging questionable charges on their affected cards via our iPhone app. Their vigilance helps everyone else in our crowdsourced network gain insight into potential fraud happening on their own cards.

We’ve found that about 2% of the cards in our network with Target charges during the breach period have since had customer-validated reports of fraud.

The good news: that 2% is not materially different from a control group of non-Target customers. So if you shopped at Target during the danger period, there’s no reason to panic or immediately cancel your card. You just need to check your card activity regularly, as always.

The bottom line is that despite all the proposed innovation in payments, most of us still depend on our credit and debit cards for most of our spending. And the systems that merchants use to process our cards will always be subject to theft and data breaches.

So for now, if you want to ensure your own account security, there’s really no substitute for personal diligence — and using the right tools to gain from the diligence of others.
