this will never change
until someone OTHER THAN the consumer gets a thorough reaming. When a few top execs get publicly humiliated by their (hopefully former) employers and/or said businesses are forced into liquidation to pay for the mess they themselves created, then and ONLY then will they begin to wake up and fix this. If the culprit is an outside contractor/firm, then they should be held financially liable for any and all breaches. Only then will they be truly interested in securing their devices and the transactions thereupon.