Banks pay for credit card breaches, not consumers
Like any other business, you, the consumer, eventually do pay for them - in higher (and newer, more devious) fees, lower savings/CD interest rates, and higher loan interest rates.
Don't fool yourself into thinking that you;re getting a free ride.
And don't believe that old fallacy that it's the banks that pick up the tab either- as pointed out here, it's the retailer that almost always has to pick up the tab in such cases.
The banks simply yank back any fraudulent transactions and leave the business out of pocket- not them. This is why banks- in the UK at least- do not give a fuck about individual instances of credit card theft and fraud. They're not the ones having to pay for it.
If you're a retailer who knows with near-certainty that a credit card has been stolen and is being used fraudulently, it's virtually impossible to get the information passed on to the legitimate owner of the card. Generally speaking, nothing will be done at this stage, and nothing will happen until the legitimate owner notices fraudulent transactions on their statement, and contacts the credit card company.
Of course, that is usually *long* after the attempted fraud has taken place, along with later (possibly successful) attempts that could have been stopped, but weren't. The fraudsters are long gone, and it's the businesses that are left out of pocket.
The banks will bleat that there are too many cases of credit card theft and fraud to keep track of all these reports, even if the information is handed to them on a plate. Of course, you can bet that they'd manage to do so very quickly (by employing more dedicated staff) if they were having to foot the bill for the fraud themselves- but of course, they're not.
It's also worth noting that (again, in the UK), it's *very* difficult to get the police to do anything about even bleeding obvious cases of mail order credit card fraud, i.e. ones where the fraudulent delivery address has to be openly given. Even when details including the exact address- typically in London- are passed on to the police, nothing well be done. Same excuse, and same outcome- by the time anything happens, the fraudsters are long gone and not worth chasing up. Makes it quite easy to commit fraud; simply rent an address for a relatively short period, have the goods openly and directly delivered there safe in the knowledge that, even though the police will likely be notified, they'll be long gone before anything is done.
The customers mostly still believe- as shown here- that the banks cover the cost, so probably aren't upset as (if they think about it at all) they believe that the banks are having to foot the bill for their own incompetence. Not the case.
Personally, I'm in favour of publicising cases like this one and pointing out that the banks' nonchalance regarding people's credit cards (and by extension, personal details and- to some extent- identity theft) could have serious repercussions for them beyond the money that customers will have refunded. And pointing out that- regardless of their hypocritical (and often nickel-and-diming) identity protection schemes, it's the banks- with their self-serving laziness and disregard for credit card misuse- who are to blame for putting them at risk like this.