Security incentive

Credit card processors might be more security-conscious if they had to cover more of the financial losses resulting from stolen data.

A recent incident that exposed 40 million credit card accounts to possible fraud is a stark reminder of how much our society depends on the security of computer records.

Unfortunately, the quality of that security may not be measuring up to our hopes or expectations.

The weak link behind the security breach now in the news was CardSystems Solutions, a credit card processing company that serves as the middleman between merchants and the credit card companies. Data thieves gained access to the CardSystems computers and collected information on 40 million accounts, the largest breach of credit card security reported to date.

But without some corrective measures, it may not be long before that record is broken. According to industry sources, the credit card processors are the weak link in the credit card security chain. While credit card companies have worked hard to tighten their own security and worked with merchants to tighten theirs, they have failed to force the same standards on card processors.

It’s not that standards don’t exist. Card companies have set policies for processors that handle transactions, but they haven’t adequately policed compliance with those standards.

According to a Monday New York Times article, a MasterCard spokesman said that CardSystems had never demonstrated compliance with MasterCard’s standards. “They were in violation of our rules.”

Now we know who’s to blame, but how do we keep it from happening again?

The same Times article quoted Avivah Litan, an industry analyst at Gartner Inc., who confirmed that effective standards have been written but too often aren’t monitored or enforced. “If they are really serious about this program,” Litan said of the credit card companies, “they should pay attention to how the processors are guarding the data, and they are not.”

That inattention allowed CardSystems to retain large volumes of transaction data, against the card companies' rules, for "research purposes." Much of the data was not encrypted, and it included the cardholders' three- and four-digit security codes, which the rules prohibit storing at all once a transaction has been authorized. Those codes are what a merchant uses to show that the card was in the customer's hands, so their presence made the stolen records far more valuable to potential thieves.
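The retention failure described above has a direct technical illustration. The following is an added example, not code from the editorial or from CardSystems: it contrasts persisting a raw authorization record with a sanitizer that keeps only a masked card number and a keyed token, drops the security code, and a scanner that flags records still carrying either. The sample authorization record, the field names and the tokenization key are all constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample of what a processor sees at authorization time.
# The PAN is a well-known test number, not a real account.
SAMPLE_AUTH = {
    "pan": "4111111111111111",
    "expiry": "12/27",
    "security_code": "123",
    "amount_cents": 4999,
    "merchant_id": "M-1001",
}

# Hypothetical tokenization key; in production it lives in an HSM or KMS,
# never in source.
TOKEN_KEY = b"example-key-replace-me"

# Field names that should never reach disk after authorization.
FORBIDDEN_FIELDS = {"security_code", "cvv", "cvv2", "cvc", "cid"}

# Candidate card-number runs: 13 to 19 digits, confirmed by Luhn below.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(pan: str) -> bool:
    """Standard Luhn mod-10 check used on card numbers."""
    digits = [int(c) for c in pan]
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:      # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def pan_token(pan: str, key: bytes) -> str:
    """Keyed (HMAC) token: stable for repeat-customer analysis, but the
    ~10^15 PAN space cannot be brute-forced offline without the key."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()[:32]


def store_unsafe(auth: dict) -> dict:
    """The pattern the article describes: the whole authorization record,
    security code included, written out in the clear."""
    return dict(auth)


def sanitize_for_storage(auth: dict, key: bytes = TOKEN_KEY) -> dict:
    """Hardened pattern: keep what settlement and research need, nothing
    that lets a thief replay the card."""
    pan = auth["pan"]
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check")
    return {
        # first six (issuer) and last four digits; the middle is masked
        "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],
        "pan_token": pan_token(pan, key),
        "expiry": auth["expiry"],
        "amount_cents": auth["amount_cents"],
        "merchant_id": auth["merchant_id"],
        # security_code deliberately absent: never stored after authorization
    }


def record_violations(record: dict) -> list:
    """Scan a record bound for disk and report prohibited content."""
    problems = []
    for k in record:
        if k.lower() in FORBIDDEN_FIELDS:
            problems.append(f"security code present in field {k!r}")
    for k, v in record.items():
        if isinstance(v, str):
            compact = v.replace(" ", "").replace("-", "")
            for run in PAN_RE.findall(compact):
                if luhn_valid(run):
                    problems.append(f"full PAN in field {k!r}")
    return problems


if __name__ == "__main__":
    print("unsafe:", record_violations(store_unsafe(SAMPLE_AUTH)))
    print("sanitized:", record_violations(sanitize_for_storage(SAMPLE_AUTH)))
```

The scanner is the piece a card company auditing a processor would actually want: run over every table and flat file the processor keeps, it turns "are you storing security codes?" from a questionnaire answer into a measurable result.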

Card associations can impose fines on card processors, but that is of little comfort to those whose information has been compromised. What they want and need is some assurance that such breaches won't occur in the first place.

There is little financial incentive for the processors to change their ways because most of the cost of card fraud is borne by merchants. Cardholders carry zero liability, but consumers still end up paying the price when merchants raise prices to cover the higher transaction fees that absorb fraud losses.

Probably the only way to make credit card processors take security seriously is to place more of the financial responsibility on their shoulders. Fines imposed by credit card companies can be written off as a cost of doing business, but the prospect of having to compensate all or most of the losses from breached credit card accounts surely would get their attention and reduce the likelihood of such mistakes.