In the Netherlands, in the early 2000s, they had an online commerce system that worked as follows:
You have a credit card. It has a number.
You want to buy something online. Your vendor, after your cart is totalled, gives you an amount and a vendor code.
You go to your bank's website in your browser. You access your credit card account. You create a payment by entering the vendor code and total. A one-time code is generated that you copy and paste into the vendor's payment form.
a) The vendor NEVER has your CC number (so can't lose it)
b) The vendor can only charge ONCE against that number
c) The vendor gets paid, your data stays secure
WHERE IS THIS SYSTEM IN NORTH AMERICA?
WHY DO WE KEEP HAVING TO GIVE CC NUMBERS TO VENDORS?
Our banks aren't catching up because they couldn't catch a clue to save their lives.
I once had a friend have fraudulent charges on his CC. He went through the process to get them acknowledged with his CC company and written off. He asked when he'd get a new card with a new CC number. They weren't planning on sending him one. Yes, you heard me....
He asked them to kindly assign him a new number and send him another. They countered with the fact that he could just sign off any other bogus charges and they'd make them go away.
And you wonder where 18% interest rates come from?
Our banks are absolutely hopeless when it comes to innovating or even catching up with what the rest of the world has been doing forever.
The chip and pin is slightly better (in prevention, but not in dealing with a breach) than the signature. Harder to argue later with your CC company though, because you can't argue 'well, that is clearly NOT my signature you have on file!'.... they'll just say 'they had your pin and chip, so too bad, so sad, you are liable....'.
One-time numbers are the way to go for online transactions. I'm not sure what cure there is for CC used at brick and mortar outlets other than DON'T DO IT.
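
A minimal sketch of the one-time-code flow described in the comment above, added here as an example; it is not part of the original post and not any bank's actual implementation. The class and method names, the random hex code, and the in-memory store are all assumptions made for illustration.

```python
import hmac
import secrets


class Bank:
    """Toy issuer: the customer authorises a payment, the vendor redeems a code."""

    def __init__(self):
        self._auths = {}  # one-time code -> authorisation record (held by the bank only)

    def create_payment(self, card_number, vendor_code, amount_cents):
        """Customer side, done in the bank's website session."""
        code = secrets.token_hex(8)  # assumption: unguessable random code
        self._auths[code] = {"card": card_number, "vendor": vendor_code,
                             "amount": amount_cents, "used": False}
        return code

    def redeem(self, vendor_code, amount_cents, code):
        """Vendor side: note that no card number is passed in."""
        auth = self._auths.get(code)
        if auth is None:
            return "rejected: unknown code"
        if auth["used"]:
            return "rejected: code already used"
        same_vendor = hmac.compare_digest(auth["vendor"], vendor_code)
        if not same_vendor or auth["amount"] != amount_cents:
            return "rejected: vendor or amount mismatch"
        auth["used"] = True  # single use: a replayed or leaked code is worthless
        return "paid"


def demo():
    bank = Bank()
    # Constructed sample values, not real card or vendor data.
    code = bank.create_payment("4111111111111111", "VENDOR-42", 2599)
    return [
        bank.redeem("OTHER-SHOP", 2599, code),   # code presented by another vendor
        bank.redeem("VENDOR-42", 9999, code),    # inflated amount
        bank.redeem("VENDOR-42", 2599, code),    # the authorised charge
        bank.redeem("VENDOR-42", 2599, code),    # second charge attempt
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The vendor only ever handles the vendor code, the amount and the one-time code, so a breach of the vendor's systems exposes nothing that can be charged again.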