How a sound payment system works
The buyer and the seller generate each their own private keys on their own (secure) equipment. The buyer and the seller compute by themselves their public keys from their private keys. The seller transmits his public key or a hash thereof to the buyer. The buyer produces a signature for his payment transaction, mentioning the amount to pay to the seller’s public key or a hash thereof. The customer transmits his public key and his signature along with the transaction to the ledger. The seller verifies the ledger for the existence of such transaction. If it exists in the ledger, he has effectively been paid.
The security rules
Rule 1: It is strictly forbidden to generate or transmit a private key to someone else
Rule 2: It is strictly forbidden to ask for a private key
Rule 3: It is strictly forbidden to accumulate databases of private keys
How the credit card system works
In the credit card system, the credit card number is at the same time private key, public key, and signature.
The fiat bank breaks rule 1 by generating credit card numbers for its customers and storing them in databases, breaking rule 3. The sellers break rule 2 by asking the customer to provide his credit card number for payment. On top of that, many sellers break rule 3 by accumulating databases of private keys.
It is not possible to protect the credit card system from attack. The fiat banks and the credit card networks have repeatedly been told to stop doing what they are doing now. A combination of external and internal attacks will end up siphoning off all the money accessible by credit cards.
What they are doing, is strictly forbidden.