According to a report and court documents posted by Wired magazine, Genesco is alleging that Visa's practice of levying fines through merchant bank accounts was unfair under California law, where Visa is based.
Visa is a primary enforcer of the Payment Card Industry Data Security Standard (PCI), which outlines security standards that must be maintained by merchants that accept credit card payments. Merchants that fail to comply with the security guidelines outlined under PCI are subject to fines by credit card firms or the loss of their ability to accept credit cards.
Genesco's lawsuit is the first to challenge Visa's practices for enforcing a major noncompliance penalty.
Genesco suffered a data breach in 2010, and Visa collected $5,000 fines from all of its merchant banks, many of which extracted the money from Genesco's accounts, according to the Wired report. Visa collected more than $13.3 million in penalties, and MasterCard extracted approximately $2.3 million.
According to court documents posted by Wired (PDF), the lawsuit alleges that Genesco's breach did not constitute a major violation of PCI compliance rules outlined by Visa, but the credit card firm exacted the fines anyway.
Visa did not respond to Wired's request for a comment.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.