There's an open secret in the Information Security industry (at least here in the UK), which is that the Payment Card Industry don't care about your security. What they care about is shifting as much of the liability onto the consumer, the merchant, anyone other than themselves as is possible.
We have a system in place here called Chip and Pin (http://en.wikipedia.org/wiki/Chip_and_PIN) which was supposed to protect people by requiring them to type in a personal PIN code. The only problem was that there were plenty of ways to commit fraud without knowing the PIN, and until new regulations came into force the banks would reject claims of fraudulent transactions and require the victim to prove that such transactions weren't fraudulent.
We have a system in place here called Chip and Pin (http://en.wikipedia.org/wiki/Chip_and_PIN) which was supposed to protect people by requiring them to type in a personal PIN code. The only problem was that there were plenty of ways to commit fraud without knowing the PIN, and until new regulations came into force the banks would reject claims of fraudulent transactions and require the victim to prove that such transactions weren't fraudulent.
If you want to see how bad the card industry and banks can 'do security', just look here: http://www.cl.cam.ac.uk/research/security/banking/