Congressman Barney Frank, the senior Democrat on the House Financial Services Committee, says he is considering introducing legislation to force credit card companies to name and shame retailers who suffer security breaches.
In a letter to the chief executives of Visa USA and MasterCard, Frank says the firm responsible for security systems that are breached by unauthorised parties should be the one to notify customers of the incident, or should be identified publicly as the party responsible for the breach.
"If this can not be done legally at present, I feel strongly enough on this point to make legislative changes to make this a requirement," says the letter.
Frank's letter follows Visa USA's disclosure earlier this week that a data security breach at an unnamed US retailer may have compromised customer accounts. As a result, Bank of America, Washington Mutual and Wells Fargo all blocked and reissued some payment cards, although all have declined to identify the retailer involved in the breach.
In his letter, Frank says he raised similar concerns in 2003 after a data security breach at BJ's Wholesale Club. At that time, MasterCard and Visa informed local banks and credit unions in New England that specific card accounts had been compromised without disclosing the identity of the retailer involved.
Frank says the failure to identify the source of the breach "created an inaccurate and unfair impression that these institutions were somehow at fault and that their card programmes were not as secure or well managed as their larger bank competitors". He argues that concealing BJ's involvement "did more harm than good" and led to numerous lawsuits against the company.
He says the public interest calls for identifying the source of any breach to all affected card issuers.
Last year MasterCard and Visa notified banks of a massive security breach at Atlanta-based payments processor CardSystems Solutions that potentially exposed more than 40 million credit cards to fraud.
In June last year, Frank, along with Congresswoman Melissa Bean and Congressman Artur Davis, introduced The Consumer Data Security and Notification Act of 2005, which includes requirements that consumers be informed about the company responsible for a data breach.