Yes, carrying around cash is lower risk than a credit card with $0 liability limits. Or not. I'll stick to credit cards. Safer for me. Worse for the retailer. They are likely hoping this legislation will lower liability for the retailer, and push it on the banks or customers.
And there's the REAL reason.
The customer getting their CC stolen is a minor inconvenience of having to reset their auto-payment systems. But a retailer hit with a chargeback? Big problem.
If credit cards keep getting leaked out, eventually they're going to be used by someone and it could hit the retailer. Who doesn't find out until they charge it and the bank tells them that no, they were a victim, too bad, so sad.
Card Not Present transactions (mail order, online) are the most riskiest transaction of all - even swiping is more secure as you can verify the embossed number against the stored number, and the CVV. Then there's Chip+PIN and EMV which are the most secure methods we have now (they're not super super super secure, but on a relative scale, they are the most secure).
And online retailers want data protection laws because eventually they're going to be a victim.
I know when my bank called me, some guy racked up $1000 worth of stuff, including $500 at some drum store. That's $500 in inventory that that retailer lost - hope they have the transaction details so they could trace where the product fraudulently went.
And yes, in the 14 years I've had a credit card, I've had 2 legit chargebacks - 1 was for a product they never shipped, and another was a product that never arrived. In the past 3 years, I've changed my credit card about 5 times already. Total loss to me? Maybe about $200 in cash that I had to run to the bank to pay off a bill because the replacement card didn't arrive in time to be billed to the card. (and likewise, a $200 less charged to my credit card. Since I pay it off every month, it washes out).
Retailers will probably demand some sort of EMV system for online purchases where most likely either you use an app on your phone to enter transaction details (merchant ID, transaction ID, amount transacted, etc) and it spits back a hash for that transaction that verifies the card. Fancier cards will have the electronics to do it on the card to do that so all you have to do is whip out your card. (The card can be powered by a battery - since the cards are only good for 3 years, the battery only has to last at least that long, and it's something we're able to do since regular digital watches with fancy interfaces can often last 7-10 years on an itty-bitty battery).