Fundamentally broken
The fundamental problem here is that the card authentication systems all have the same problem - security depends on static information like PINs, knowing expiry dates, printed numbers on the back of cards and so on. It relies on every retailer having cast-iron security systems and is just wide open to snooping and fraud. The chip-and-pin sticking plaster system is hardly any more secure than the old signature-based system.
Until such time as the finance industry realises this and moves to a system that uses some form of one time password system, then all systems suffer from what is essentially a replay attack. Biometric identification systems also suffer from this if the reading is taken remotely (who knows if that fingerprint scan was spoofed or not?). Of course people won't want to carry around separate one-time password systems for each bank account, credit and debit card they carry, but if the finance industry got their heads together then it is surely possible to come up with a common device that can be used for authentication on multiple accounts.
I've no doubt there are a lot of technical and organisational difficulties here (for example, trusted third party authentication systems). No doubt there will be privacy concerns too for what amounts to a personal identification system. I've also no doubt that some aspects of this can be broken, but if it is difficult enough then it just won't be cost-effective for the crooks.
In the meantime one extremely easy anti-fraud measure could be taken - that's to give credit, debit and electronic banking customers the option to be notified by SMS or email of every transaction as it happens. In fact it could be tied into the authentication systems which are inherently real-time. It won't stop the fraudulent transaction, but the use of a compromised card's details would no doubt be picked up quicker than currently. I know - I've just been through this experience myself and if I'd had a notification of every card authentication attempt I would have picked it up much earlier.
Incidentally, none of this means retailers don't need to take proper care of personal data - they do. There's plenty of EU legislation on the matter. However, when you have a system that is as fundamentally flawed as our current authentication systems then breaches will happen - guaranteed.