US state eyes law to target retailers in data breaches

23.02.2007

"We, of course, strongly oppose it," he said. To put in a state law and have it favor the banks is "sending money one way," he said. "That's just plain wrong and we can't accept that," especially because there are multiple parties involved in a payment card transaction.

While retailers need to shore up security, card-issuing banks have their own responsibility for improved user authentication and for reducing fraudulent card use on their networks, Hurst said. "It would be one thing if the issuing banks were also held 100 percent responsible [for losses incurred by retailers] when a card is fraudulently used."

What also makes the proposed bill egregious is the fact that credit card companies and banks are already recovering fraud-related costs upfront from retailers via the so-called interchange fees associated with card use, he said. Contractual agreements between all parties in the payment card chain also ensure that merchants who suffer breaches already pay for the costs involved in dealing with them.

"What the bill is suggesting is a third level of recovery and that is just unacceptable," Hurst said.

John Pescatore, an analyst with Gartner Inc., echoed similar concerns.