That's because fraud can actually be a source of income, thanks to charge-back fees for fraudulent purchases, and the fact that it's the retailer who often assumes the cost of improperly bought items. And so the embedded-chip system used in much of Europe and Asia has not been adopted by US firms, who argue that retailers don't want to invest heavily in upgrading their card readers. Technology to encrypt data as it flows across the payment system has also been shunned by most firms. "Unfortunately, some companies look at breaches as the cost of doing business,” says the chief information of Heartland Payment Systems, which overhauled its systems after a massive breach in 2008. “That’s not the right way to look at it. You need to be as secure as you possibly can be."