Alot of what you all said about security, sort of goes down the drain, when the "dumb IT manager" forgets or refuses to "turn
on encryption" ; as in the recent Lowe's wireless caper. You know the type....graduated top in his/her class at business school and knows nothing about computers except the Microsoft hype. Who gets hired and put in charge of operations. My point being that there are bigger holes in the "system" than programmer errors. Things like disgruntled employees selling numbers, organized crime extorting numbers, etc. High level trusted employees ripping the system off. I don't know how many times I've heard about some major bank or fund getting ripped off by some trusted employee, then the bank refuses to press charges, because of unwanted bad publicity.
As much as I hate to say it, the only real protection for credit cards, is transaction tracking, epitomized by the Washington "Homeland Security" Plan to track all ecommerce, from sale to
delivery. Many sites now will only deliver to the "address of record" on the credit card, which is a pretty good first step.
The next step would be snapping photos of all people using the card in a public place.