Last year I was unfortunate enough to be caught up in the NewEgg shopping cart malware issue... Apart from a couple of notifications I received from them, along the lines of "Hey! Guess What? We've been hacked! Fancy that...", I've seen or heard nothing from them.
However, I did immediately call my bank (Bank of Scotland) and demand a replacement card for the one used on the NewEgg site. At first they did their best to talk me out of replacing my existing plastic, suggesting that I could just keep an eye on transactions and call them if I saw anything suspicious. At that point I suggested that if they didn't want to send me a new card, pronto, I would happily cancel my card account there and then. Funny old thing, they changed their mind...
During that process (it was, for me, the first time I've been involved in a potential loss of my card details), I made careful notes of all the places I had to contact (those I remembered on the day and those that were identified during the subsequent sweep-up) to change my details. I now have that list, which I can re-use when needed.
The reason my bank tried to talk me out of getting a new card was because it costs them to do so. If you are involved in anything like this, DEMAND an immediate replacement of your card. No bank can reasonably refuse - and you should not be doing business with one that tried to refuse you. The reason is simple - the more of us that demand that banks do this, the greater the expense to the banks from having to. It's only when the cost of having to continually re-issue cards reaches a point of irritation that banks will actually bother to do anything about it.
For example, for those with smartphones [such as those with smartphone banking apps] there is no technological reason that your bank could not include, with your mobile banking app, a piece of software that generated a one-time pad that could be used with all card purchases, among retailers who supported that use... This would mean that instead of using a fixed 3-digit CV2, the number could be 4, 6, or 8 digits and would change with every transaction... This one change is not in itself a cure-all (your phone can still be stolen or lost) but it makes it incrementally harder for criminals. For non-smartphone users, banks could issue hardware tokens...
The cold hard truth is that card fraud hasn't yet reached the level where it's hurting the banks. Until it does, we won't get a more secure solution. If, by demanding our rights, we can accelerate that process, we stand to benefit through (significantly) reduced risk of being defrauded or inconvenienced if we're unfortunate and have our card details compromised.
Hit them where it hurts - and they will do something about it.