As a merchant I deal with credit credit card chargebacks on a regular basis. All a customer has to say is that is not my charge. We have to send back documentation, such as proof of signature. If the charge happened at the credit card readers at our gasoline dispensers, we have no signature, and we eat the charge. We have even offered to provide the customer or issuing bank with the license plate number and picture of person and vehicle charging, but that means nothing. That is why in many locations you need to enter your zip code at a pay at the pump, this offers some security to the merchant, even though by rule the merchant still must eat the charge if the customer balks.
Now if the merchant goes tits up or goes bad and steals money from the customers credit cards and can't pay it back, then the merchant's processing ISO is on the hook. The processor isn't Visa/Mastercard or the issuing bank, it is someone like First Data or a myriad of other middle men. The processor gets as little as 3 to 6 cents a transaction, passing the interchange cost to the merchant. The merchant has paid anywhere from 50 cents a transaction to 3% for the convenience of letting a customer pay with credit.The issuing banks and the cartel of Visa/Mastercard are on the hook only if the processor goes under. And even then it is the issuing banks that deal with the customer directly and they are the only ones who can decide to credit or not credit the customer.
The problem with this system in the United States is that the entities that make money off of credit card transactions, i.e. the issuing banks, have absolutely no incentive to make the system more secure. They do none of the work, other than marketing their credit cards and profiting off of their card holders who use their cards and the merchants who accept their cards