A scheme to steal customers' credit and debit card information at a New England supermarket chain highlights a little-understood fact about credit card security: Customers still think that the credit-card companies have to eat fraudulent charges, but since the PCI DSS standards were adopted, it's actually the merchant banks and merchants who have to pay up. And, according to the blogger writing in the latter article, it's a good thing."

I don't agree with that blogger. Credit Card numbers get stolen because they can be. The only people who are in a position to rearchitect this system are the Credit Card companies, who, of course, have no economic incentive to do so, because they don't bare any of the costs associated with the fraud. This is market failure, and instead of pouring buckets of money at law enforcement in this context the government ought to fix the glitch.