UK retailers are woefully unprepared for the kind of attack that was perpetrated on the US-based owner of the discount clothing chain TK Maxx, security experts said today.

One Manchester-based security consultant said that some British retailers were doing the equivalent of 'putting a suitcase padlock on their side gate in order to protect their home.' Another said that it would be 'simple' to conduct a fraud which resulted in millions of credit card details being stolen.

The warnings came a day after the US Department of Justice charged 11 conspirators in what it called 'the largest hacking and identity theft case ever prosecuted'.

APACS, the UK payments association, said that it was working 'hand in hand' with British retailers to help them upgrade the security on their systems, and that merchants were liable to fines in the millions of pounds if the security was found to be insufficient.

Retailers were also gradually moving over to a new scheme set up by the payment industry which places much stricter requirements on merchants who want to use new wireless payment methods, though not all had adopted it yet, APACS said.

Restaurants and other retailers are increasingly processing transactions using wireless handheld terminals.

Security experts said, however, that many retailers were simply unwilling to pay to upgrade their security systems and that until they did, the UK remained at risk of an attack such as that which resulted in the credit card details of 45.7 million customers being stolen from TJX, the American owner of the TK Maxx franchise.

"If a retailer is using one of the older security methods for wireless payments, it's possible for a hacker to break into their network a matter of seconds," said Paul Vlissidis, a security expert with the Manchester-based company NCC Group. "There are still plenty of well-known stores in the UK where something (like the US hack involving TK Maxx stores) could happen."

Paul Cronin, a security tester with the Reading-based company Pentura, said: "It's easy to do this kind of hack nowadays - and with many retailers strapped for cash and put off the massive cost of ripping out their old infrastructure to install a new one, it's become easier for criminals to exploit them."

A spokesman for the British Retail Consortium insisted that UK customers should be "confident" in using payment cards, and that the introduction of chip and pin - which requires a four digit code to be entered by the card holder at each 'in-person' transaction - gave UK card holders a mugh greater level of security than those in the US.

According to CIFAS, the fraud prevention service, the total number of fraud cases identified in the first six months of the year increased by 15 per cent to 105,000 in comparison with the same period a year ago.

Under a new scheme overseen by Visa and Master Card, all merchants who process more than a million transactions a year will have to an annual 'on site' audit, and quarterly monitoring. The scheme - known as the Payment Card Industry Data Security Standard (PCI DSS) - remains an industry code, however, and does not have the force of law.

A spokesman for Visa Europe said that most merchants were either "compliant or working to become compliant with the code", which is being rolled out globally. According to APACS, merchants which did not fulfil their duty to protect customers' details risked being liable for any losses relating to fraud, and risked having their card processing equipment taken away.

The PCI DSS sets out 12 requirements for all merchants that accept card payments, including the obligation to set up firewalls, encrypt sensitive information, restrict access to cardholder data on their network, and regularly update their anti-virus software.

Barclay Card, which processes transactions on behalf of 93,000 UK-based merchants, said that it was "offering support and guidance" to customers to help them shift over to the new scheme. Card companies are, however, understood to be frustrated that retailers are not upgrading their systems quickly enough.

Explore Tech & Web

• Personal Tech

• The Web

• Gadgets & Gaming