Folks, let me try and put some order into the discussion, since there seems to be a few misunderstandings:
But the bank would rather do nothing and absorb the loss.Merchants are liable for credit card fraud, not the issuing banks. It's merchants that carry the costs involved. They lost the goods and they have to return the money to the issuing bank along with a chargeback.Since the bank has to pay for any fraudulent charges, I guess they have the right to cancel the card and send a new one [...]
The bank cannot know who did it, neither it cares. It's usually the merchants that trigger police action.The bank doesn't give out information as to which merchant compromised it.
POS software cannot, I repeat, cannot store any kind of personal information about the purchase. This includes the PIN number for the issuing banks that have that system in their credit cards. The only thing that is stored is the issuing bank authorization code once the transaction is accepted, along with the transaction details, of course, for accounting purposes. This is a legal imposition that all POS software and hardware must obey, if they want to gain a licensed to be commercialized, or in the case of having been developed in-house, a licensed to be used.The chip is useless in preventing fraud. I've read about stores being broken into and their cash register hard-drives stolen. It seems they sometimes contain unencrypted PIN numbers from customers.
Again, would it make sense for the public to boycott such a store when it had its hard-drives stolen? YES, because that would put the pressure on point-of-sales terminals to make them 100% secure.
Information in any legal POS software is transmitted between the merchant and the issuing bank in encrypted format and no data about the Credit Card is ever stored in the merchant computers. A merchant that gets robbed, and it is revealed their registers contained any kind of credit card information, is going to be in a lot of legal troubles. Over here, at least, a class action lawsuit will almost certainly be conducted by the General Prosecutor against the merchant.
This is true of magnetic band cards of Chip & PIN cards.