The recent breach proves again that no amount of security theater can secure a fundamentally flawed payment system. A lot can be done to improve payments, but I fear it is impossible to do it on top of the existing infrastructure.
For historical reasons the banking industry thinks in messages. When you perform a payment the terminal sends a message across an age old network encompassing many different servers, parties and businesses.
A payment likely hits one or more of the following parties:
Payment gateway reseller
Credit card association
Each one of these parties provide an opportunity for a breach.
What makes it even worse is that to authorize a payment, the entire security is based on the merchant sending the card and consumers details along in the message to authorize the payment.
If a breach happens anywhere along that whole list of …