What you say simply isn't true, for brick & mortar stores (which is the only place this applies to). There are specific rules and procedures the merchant is required to follow - swipe the card, and if you can't, make a physical imprint of it (many merchants won't bother, they'll just decline any card that won't swipe), to prove you had a physical card in the store, and get a signature. Sometimes, there are other requirements, like checking ID, for high risk industries or merchants that have had problems in the past, but those two things protect the merchant in most cases.
What the article refers to (and the summary, at least, don't really explain very well) is that after October 2015, merchants that do not have chip and pin equipment (specifically, EMV compatible) in place are automatically responsible not only for the amount of the transaction, but for all costs associated with investigating and remediating fraud. This is a change from now, where those costs are carried by the merchant service if the merchant is PCI compliant, and by the merchant if he's not. (This is the only time that the difference between swearing you're compliant and being compliant matters.) EMV removes PCI compliance from the equation entirely, because the merchant never sees the card information at all, and cannot store it. The only place to steal millions of card numbers at once will be from the merchant service, which is more difficult, at least.
Generally speaking, under US law, with the current system, it is the merchant service - the bank - that eats the cost of most fraud. Only stupid merchants who don't follow the rules lose out. (In brick & mortar retailers. For online transactions, yeah, the merchant is pretty much hosed, because they never have a physical credit card in their hands.)