Why are companies, such as Visa, investing in security tools to protect their customers’ private information? What are ways of securing your data in order to keep hackers out of your database?
 
The last place I worked we sold facial products to customers. There were some processes we had in place that annoyed some of our customers. It was not that we wanted to annoy our customers, but Visa and MasterCard required these processes to be in place in order to protect themselves. Like we always had to ask a customer for their credit card number when they wanted to order other items besides what their monthly plan included. I had a couple of customers actually quit their subscriptions because of this, but these policies were necessary, and if we did not implement them then we could have risked our ability to use these credit cards for transactions. When a report comes in that a card is stolen, Visa covers the expenses, so they have to enforce these rules in order to protect themselves. Wikipedia lists a few types of ways to secure a database.
 
Access control
Limit the users and applications that can access the database. This reduces the surface area an attack can come from.
Auditing
This can be running reports and locating stress points in the database that can be exploited. At my workplace we have plain-clothed hackers that try and infiltrate the building and access our computer systems. Then they write a report on their attack. It sounds like a pretty fun job.
Authentication
Be sure that those who log in are the people or applications that they say that they are. This could be through a password (not the default password) or using tools like active card or RSA token.
Encryption
See discussion question 1.
Integrity controls
Make sure the rules are in place to ensure that the data that is being entered into the database is not going to cause the database to become corrupted or execute malicious code.
Physical security
Although this is not listed in Wikipedia, it's worth mentioning that the first and best line of defense is physically keeping an intruder away from the servers the data is on and the computers that access it. I guess related to this is masking passwords so the casual onlooker or disgruntled employee doesn't know the password.
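To make the integrity controls item concrete, here is an added example (not from the original post or from any real company's system) using an in-memory SQLite table for card orders: database constraints reject rows that would corrupt the data, and a parameterized query is shown beside a string-concatenated one so the difference in how user input is treated is visible. The table, column names and sample rows are assumptions constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory schema; constraints are the integrity controls."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """
        CREATE TABLE orders (
            id         INTEGER PRIMARY KEY,
            customer   TEXT NOT NULL,
            amount     REAL NOT NULL CHECK (amount > 0),
            card_last4 TEXT NOT NULL CHECK (length(card_last4) = 4)
        )
        """
    )
    return conn


def insert_order(conn, customer, amount, card_last4) -> bool:
    """Returns False when the database itself refuses a bad row."""
    try:
        conn.execute(
            "INSERT INTO orders (customer, amount, card_last4) VALUES (?, ?, ?)",
            (customer, amount, card_last4),
        )
        return True
    except sqlite3.IntegrityError:
        return False


def count_orders_unsafe(conn, customer) -> int:
    # Weak pattern: the value is pasted into the statement, so it can change the query.
    sql = f"SELECT COUNT(*) FROM orders WHERE customer = '{customer}'"
    return conn.execute(sql).fetchone()[0]


def count_orders_safe(conn, customer) -> int:
    # Corrected pattern: the value is bound as data and never parsed as SQL.
    row = conn.execute("SELECT COUNT(*) FROM orders WHERE customer = ?", (customer,))
    return row.fetchone()[0]


def demo() -> dict:
    """Load constructed sample rows and report what each control does."""
    conn = build_db()
    return {
        "good_row": insert_order(conn, "alice", 29.99, "4242"),
        "second_row": insert_order(conn, "bob", 15.00, "1111"),
        "negative_amount": insert_order(conn, "carol", -5.00, "4242"),
        "bad_last4": insert_order(conn, "dave", 10.00, "12345"),
        "safe_alice": count_orders_safe(conn, "alice"),
        "unsafe_odd_input": count_orders_unsafe(conn, "' OR '1'='1"),
        "safe_odd_input": count_orders_safe(conn, "' OR '1'='1"),
    }
```

The same odd input counts every row through the concatenated query but matches nothing through the parameterized one, which is the behaviour an integrity control should give.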
 