For a long time the burden of chasing after credit card theft or fraud has been placed on the shoulders of the issuing bank. That may soon change as more states are passing legislation that requires retail establishments to become PCI compliant and make sure that their systems will prevent such activity from occurring. Frankly it's about time. Why should financial institutions foot the bill for bad practice by a retailer that they have no control over? For smaller institutions this can add up to hefty losses over time. Lets hope more states adopt this practice and do it soon.

Full Story on eSecurity Planet:

 

New Law Lets Banks Recover Data Breach Costs