The payment card set-up involves a large number of autonomous players, and a large number of communication links -- it's a large front-line for the hackers to probe for a weak link.
Compromise of a financial database
The two main risks are:
Hackers consistently have the upper hand, scoring big, yet the vast majority of trades remains uncompromised.
The networks that run the payment card ecosystem impose a string security code, mandating that network members would abide by a published security code.