This week’s indictment of a hacker believed responsible for the biggest retail-store notes breaches in U.S. history doesn’t necessarily invent shoppers safer from having their credit card numbers plundered.

Accomplices to the crimes are believed to be on the loose in Russia or other countries where U.S. authorities are less likely to get them. And the underlying defense holes mined by the hackers still exist in many payment networks.

Albert Gonzalez, a Miami hacker who once worked as a government mole tracking down identity thieves, is accused of playing a critical role in all the largest credit-card heists on record.

With Monday’s indictment of Gonzalez on conspiracy charges in U.S. District Court in New Jersey, the Justice area says he helped steal 130 million card numbers from payment processor Heartland Payment Systems, 4.2 million card numbers from East Coast grocery chain Hannaford Bros. and an undetermined number of cards from 7-Eleven. He was previously charged in other computer break-ins, most significantly at TJX Cos., the chain that owns reduction retailers T.J. Maxx and Marshalls, in which as many as 100 million accounts were lifted.

Gonzalez is in jail and awaiting trial next month in New York for allegedly helping to hack the computer network of the Dave and Buster’s restaurant chain. Attorneys for Gonzalez did not comment to The Associated Press.

The fact that hundreds of millions of card numbers could be stolen from retailers illustrates the flaws in a payment system that’s built more for speed than protection, as an Associated Press research found that year. For instance, credit and debit card numbers are not always encrypted as they move from retail stores to banks for approval.

Consumers don’t directly pay the costs of most hoax. Banks and retailers eat those charges. But consumers bear it indirectly, in the mold of higher prices.

According to prosecutors,…

[Source] dhiram