The entire way we process payments is going to have to change.
This notion that you can just give someone a 16-digit card number, exp date and a 3-digit code with some optional add-on security is basically creating a giant honey pot for thieves.
The whole concept needs to move to something totally different.
One-off transactions should be pushed - unique payment token sent to the retailer. There's no need to have credit card info.
Direct Debits should be set up using a unique code too.
Banks could generate an "application specific code", much like Gmail does with 2-factor security enabled. This could be done by online banking portals, or for the less tech-savvy just give them 30 unique codes on a card for setting up direct debit / automatic payments.
Also, your bank account should have an "Inward only" number to allow payments in only, and then a confidential account number for your use only for actually accessing it.
There's no reason why all these highly sensitive bank details should be exposed.