A computer hacker has gained access to more than 5 million Visa and Mastercard credit card accounts in the US.
The companies say no actual fraud was committed
The two companies said on Tuesday that none of the information obtained, which would include credit card numbers, was used in a fraudulent way.
But a UK-based business crime expert warned account holders could still be at risk if their cards were not reissued.
Visa and Mastercard said the hacker breached the security system of a company that processes credit card transactions on behalf of merchants.
Numbers of credit cards can be used to make payments, such as buying plane tickets or hiring cars.
The only way to eradicate the risks would be to reissue all 5 million... cards
Peter Lilley, business crime expert
Both Visa and Mastercard operate zero liability policies, which protect card holders from having to pay for any unauthorised or fraudulent charges.
Card holders at risk?
Peter Lilley, a fellow of the UK Chartered Institute of Banking and author of various books on hacking and business crime, said some hackers attack computer systems just to prove the point that the system is insecure.
But he told BBC News Online that account holders of the hacked credit cards could still be at risk.
"To gain access to 5 million different accounts is a lot.
Although fraud is at an all time low, high profile companies ... will always be targeted by criminals -Visa and our vendors are no exception
"The bottom line is, when somebody has access to 5 million numbers, it puts those accounts at risk in the future.
"Strictly speaking, the only way to eradicate the risks would be to reissue all 5 million account holders with new cards."
But he also admitted that scenario posed all sorts of logistical problems.
The Visa and Mastercard credit cards are issued by numerous financial institutions.
"And each institution could end up taking a different approach," Mr Lilley said.
A spokeswoman for Visa in the UK could not comment on any plans to reissue the compromised cards in the US.
But a UK spokesman for Mastercard said that decision was up to the card issuers.
"Although fraud is at an all time low, high profile companies, government agencies, internet programs and websites will always be targeted by criminals - Visa and our vendors are no exception.
"It is for this purpose that Visa has global fraud prevention, detection and avoidance programs and is extending secure payments in the virtual marketplace," Visa said in a statement.
More than 560 million Visa and Mastercard cards circulate in the US.
Mastercard said it informed its members two weeks ago that more than 2 million accounts had been hacked into.
Visa said about 3.4 million of its accounts were accessed by the computer hacker.
Both companies said they immediately alerted the affected banks that issued the cards.
"Visa's fraud team immediately notified all affected card issuing financial institutions, and is working with the third-party payment card processor to protect against the threat of a future intrusion," the company said in a statement.
The firms are also working with US law enforcement officials.