Securing the current protocol for credit card transactions is completely hopeless. It is inherently insecure because the "secret" information used to authorize a transaction is not bound to that transaction, and so it's reusable. Even if you were able to secure the system against brute-force attacks like this one, you can never secure against phishing. The only way to fix it is to change the protocol to one that relies on public-key cryptography and secure digital signatures.
EMV tokens and virtual card numbers attempt to mitigate against the re-use factor. 3D secure adds a layer of auth to the regular method (at some expense).
There is a large infrastructure (acceptance, processing, acquiring, clearing, issuing) running on card numbers so the solutions mentioned above all attempt to build on top of them as oppose to replace them with something better. As the logistics of doing so tend to be prohibitive.
http://blog.rongarret.info/2013/02/a-simple-solution-to-cred...