It's an important area. The only comment I would make, without perhaps as much reflection on the issue, from a personal point of view, is that there has to be good co-operation regarding the payment providers.
I've had a number of experiences where we have a piece of AI that identifies potentially fraudulent transactions, which we block and then we automatically review. When I review them, I know they're fraudulent. I call the banks and say it's fraudulent, and no one wants to talk to me. They tell me to ship it anyway, because it's just part of their loss that they're going to pass on to their consumers.
In any part of security, it really is a team effort, and I think there would be something to do to really underline the fact that not only the Internet sites, but the payment providers really have to be sensitized to it and not just blow it off as a cost of business.