The alleged hacking ring that is said to have stolen 40 million bank-card details in the US is likely to increase calls for a new look at UK laws. Only last month  a House of Lords committee reiterated earlier calls for more protection for shoppers which it said had been ignored by the government.

The Science and Technology subcommittee said organisations should be obliged to reports data losses, and that banks should be held responsible for losses from e-fraud. It heard evidence that banks often refuse refunds for losses involving the use of a PIN or password.

But Jonathan Armstrong, a partner in law-firm Eversheds' technology group, points out  that the alleged ring did not appear to have been thwarted by security-breach legislation in some of the US states affected. "UK companies are already obliged to make sure attacks like this do not happen," he said.

David Hobson, managing director of security-systems specialist GSS, said the scam seemed to have involved  quite sophisticated hacking of the wireless networks in stores and showed the need for the best possible protection. "It's all very well using complex encryption passwords, but if you've left the admin password on your wireless router at its default setting, you might as well not bother using encryption in the first place," he said.