If what you mean is that we find ourselves unable to do perfect security, then that's clearly true but it's missing the point.
The point of the article is that we do better security for credit card numbers than we do for other information which is more sensitive to our customers. Why do we do better with these? The author's claim is that it is because of the incentives (although, working in the industry, I would say it is also because the credit card industry wrote policies mandating specific, detailed security practices).
If what you mean is that we find ourselves unable to do perfect security, then that's clearly true but it's missing the point.
The point of the article is that we do better security for credit card numbers than we do for other information which is more sensitive to our customers. Why do we do better with these? The author's claim is that it is because of the incentives (although, working in the industry, I would say it is also because the credit card industry wrote policies mandating specific, detailed security practices).