An article relating to this blog post on Finextra:
Citi re-issues cards following merchant breach
Citigroup has started sending replacement credit cards to customers whose accounts may have been compromised in the massive Heartland Payment Systems breach, the Associated Press reports.
See article
A relevant solution to solve this issue is to add an extra layer of security avoiding the capability to "repay" with the same data (card details - static information).
Would you accept a system where, by simply collecting your physical address (for ex. with YellowPages), someone is able to enter your home. This is quite the same by authorising a transaction based only on valid "card details" (identification information).
A key to lock this system is missing!
In Europe, a one-time password solution using the chip of the already deployed banking cards, is gaining strong momentum. It replaces static-based methods (low security login-password for accessing online banking services; 'plastic' card details only to
pay). This solution, named 'Home Chip and PIN' in the UK is also largely deployed in Scandinavia, Benelux, Switzerland, Eastern Europe and is beginning to roll-out in France and Italy (named 'Vericode').
By requesting a chip card-based strong authentication to allow a transaction (for example in the 3D-Secure architecture / Verified by Visa / MasterCard SecureCode), any stolen database information will become unuseful without a fresh One-Time signature and
so, future heartland-like breaches will not force issuer to re-issue cards.