"EMV chip technology could not have prevented the unauthorized access, introduction of malware, and subsequent exfiltration of cardholder data," he said.
While government should stay out of setting standards, it could help deter payment card fraud through stronger law enforcement efforts worldwide. In addition, Congress could pass stiffer penalties for such crimes.
Government could also simplify data breach notification laws and promote cyberattack information sharing between the public and private sectors.
"These are all opportunities for the government to help tackle this challenge," Russo said.
Sign up for CIO Asia eNewsletters.