CardSystems data theft incident shows that security standard compliance must be policed in the same way hackers choose their victims. Visa and MasterCard should have organized roaming security teams and let them loose at the card issuers, processors, and merchants. Each team would be financed with collected penalties so that only the best teams will survive.