Banks could increase the cost of processing card transactions for businesses that do not adhere to the Payment Card Industry (PCI) security policy.
PCI is a set of security measures that any organisation accepting credit card payments must meet.
Following the loss of 45 million card numbers at US retailer TJX, Diane Kelley, service director responsible for security at analyst firm Burton Group, has seen banks in the US increase bank charges for non-PCI-compliant organisations.
She expects this to start occurring in the UK. "Banks will increase charges if you are non-PCI compliant," she said.
Kelley said legislation forcing organisations that lose credit card information to pay card-issuing banks and reimburse their losses already exists in the state of Minnesota, where the original TJX store was hacked. This legislation is being considered in Texas, Massachusetts and California.
Kelley said, "Banks will make you accountable for the credit card loss." In the TJX case, she said, banks were suing the retailer to recoup the cost of reissuing credit cards, which could amount to hundreds of millions of pounds.