Credit card companies have a much greater exposure to fraud than they are currently admitting to, a US technology security expert claimed yesterday.
Richard Rushing, chief security officer with AirDefense, said the major credit card issuers would not be going to the expense of introducing the new Payment Card Industries (PCI) security standards if the level of card fraud was actually 3 per cent as they claim.
PCI provides a defined set of enhanced security standards that are designed to increase security at the retail level.
But Mr Rushing says retailers are engaging in insecure practices, such as using wireless communications or using credit and debit card details as unique identifiers in customer databases, to provide convenience for customers.
The use of poorly secured wireless technology led to the security breach at TJX, the parent company of discount retailer TK Maxx.
In that instance, 45.7 million credit and debit cards were found to have been compromised.
Mr Rushing said the inclusion of sections relating to wireless technology in the PCI standards suggested it is a growing problem for retailers and the card industry.
"Why would you even bring up rogue [wireless] access points if you haven't had problems with these devices in the past?" asked Mr Rushing.
He said securing wireless communications over the Wi-Fi standard was challenging because radio waves are difficult to contain in a single building.
He also advised retailers to stop using the WEP standard to secure connections between point-of-sale systems, where customers input their PIN numbers, and their back-office systems.
WEP, which is the most common form of Wi-Fi security, was at the root of the recent security flaw discovered in 250,000 Netopia broadband routers distributed by Eircom.
"When you do it with wireless everyone can see everything," said Mr Rushing.
"It's like screaming your credit card number across the pub when the guy says 'you have to pay for that pint'."