Smartcards are unnecessary. This is the Solution
Since this is the only solution guaranteed to solve the credit card/retailer problem, without causing major system redesigns and disruptions, I'll explain it in detail.
First, the credit card companies give everyone a UserID, which gets put on the credit card, instead of the number.
Next, everyone chooses a keyword, like 'NeimanMarcus' or 'Target' (too soon?).
The POS system connects to the credit card company, as usual but, instead of prompting for a password, it displays a matrix of upper/lowercase alphabets, with a random pattern of 1's and 0's underneath.
The user types the 1's and 0's corresponding to his keyword, which goes to the credit card company for approval. After limit checks, expiry checks etc, the user is approved.
The next time the user makes a purchase, the pattern of 1's and 0's is completely different, so the previously typed code is useless to an attacker. Doesn't matter whether it's malware, network snoopers, or spy cameras, the information is always useless.
For obvious reasons, anything in the retailer's logs is also totally useless.
Now, isn't that easier than redesigning the whole system, adding encryption and buying EMV cards?