You are right in that there is no security on a credit card. Unlike a bank card there is no encryption on the magnetic swipe. However, read the following article. It is both true for your employees and your customers.
New Identity Theft Law Creates Lawsuit Threat For Small Businesses
Press Release June 13, 2008
(June 11, 2008) - In an effort to combat Identity Theft, the final provisions of The Fair and Accurate Credit Transactions Act (FACTA) expand the Identity Theft component of the Act. According to these new provisions, companies that haven’t taken “appropriate measures” to safeguard information from Identity Theft can be sued and face not only civil, but criminal penalties. TLV Group’s risk and compliance division is focused on helping smaller businesses comply with these provisions in a timely and cost effective manner.
“This law exposes smaller businesses to bet-the-company litigation risks that are onerous and can be mitigated with proper planning,” says Lisa Vann, Vice President of Operations for TLV Group.
As stated in the Winter 2007 issue of Texas Business Today released by Texas Commissioner Ron Lehman, “Simply put, if data aiding an identity theft originates from a security breach at your company, you could be sued, fined, or become a defendant in a class-action lawsuit by affected employees whose personal information has somehow gotten out.”
These are fairly new laws that have come into effect. I heard a lot about it in the summer of '08 as they were then being prepared to come into effect (if I remember correctly). Many small business podcasts (including Wall Street's) spent time on this issue.