[paulyasi]

If the the card brand, say Visa, would generate a public key that I could use on my web server to send them their credit card data, then I, my payment gateway, and maybe even my even my merchant bank, would never have to know the card number. VisaNet could decrypt it on their side with their private key and determine the issuer and account information to process it. Just the customer and VisaNet and the issuer probably needs the card number itself. Everyone else just needs to know the result of the transation.

[dangrossman]

A large portion, if not most, of the card numbers being bought and sold on the black market are obtained via phishing or via malware on the end-user's computer. Better encryption between the computer and online stores doesn't affect either of those theft vectors.