PCI laws, which require basic network security measures for merchants processing transactions for Visa, MasterCard, American Express, Discover Financial Services or Japan Credit Bureau, were mandated on September 7 this year.

Security measures range from installation of firewalls for POS machine networks for merchants processing under 20,000 transactions, to third-party audits for large organizations processing more than 6 million Visa or MasterCard sales.

Visa Australia and New Zealand executive vice president Bruce Mansfield said while it is hosting PCI awareness seminars, the responsibility is on banks and merchants to comply.

"While the education campaign lifts standards, ultimately retailers need to take responsibility for protecting customers' personal information especially as Australia falls behind China in data protection," Mansfield said.

"Businesses who are lax about upgrading their security measures face a consumer backlash, loss of reputation and could be liable for significant legal costs, so business would be wise to audit their processes before Christmas." Visa Australia and New Zealand risk manager Ian McKindley said the ignorance of banks and merchants is concerning as there are about 12 million Visa cards in Australia contributing A$140 billion (US$106 million) worth of transactions annually.