When the Texas assembly this month unanimously approved a bill mandating PCI compliance, it set in motion a potentially interesting retail security development.
The state bill--which still needs the blessing of the Texas state senate and the Texas governor--doesn't directly impose penalties on non-compliant retailers, but it does shield compliant merchants from banks trying to collect damages, a protection that is explicitly missing for those who can't prove PCI compliance.
If other states take their cue from Texas, it would certainly give additional teeth to PCI compliance programs, but it wouldn't necessarily solve the problems that are causing so many retailers to not comply. It's also not clear how national retailers would be impacted. Could banks simply sue somewhere outside of Texas? But if other states start to adopt similar bills, this could get very interesting very quickly.