Because it's so simple to authenticate all parties to the broker. Now we've gone from trusting the merchant, the shopper, and the bank, to trusting the merchant, shopper, bank, and broker. That's the problem here: every solution that relies on trust instead of hardware cryptographic implementations is equally broken.
The smart cards in the EMV system are indeed the way to go, because they are issued by the bank, and your bank stores your account's secret in them. The bank's trust never leaves the bank's systems.
EMV limits fraud only to a person who physically has the card in their possession (and who knows the PIN, assuming your card requires a PIN.) As a customer, you don't have to trust that BigMart's cash register is paying the right company or not, because you're walking out the door with your paid-for stuff. BigMart's transaction security is BigMart's problem. You don't have to trust BigMart (or a hacker) to not steal your account number, because without the authentication coming from the smart chip, the bank should refuse any transactions. It doesn't even matter much if they steal your account number and your PIN, because without the chip they still can't recreate the authentication. And if a sophisticated hacker with an ion-beam manages to read the secret from the chip, it only violates your one card; not your other accounts, not someone else's account, and not the bank's master secret.
If we ever get there.