Genesco Sues Visa Over $13 Million In PCI Noncompliance PenaltiesGenesco Sues Visa Over $13 Million In PCI Noncompliance Penalties
Retailer says noncompliance fines exacted by Visa following breach were out of bounds

Retail giant Genesco is suing Visa over a fine of more than $13 million that the credit card firm exacted for noncompliance with PCI guidelines following a breach in 2010.
According to a report and court documents posted by Wired magazine, Genesco is alleging that Visa's practice of levying fines through merchant bank accounts was unfair under California law, where Visa is based.
Visa is a primary enforcer of the Payment Card Industry Data Security Standard (PCI), which outlines security standards that must be maintained by merchants that accept credit card payments. Merchants that fail to comply with the security guidelines outlined under PCI are subject to fines by credit card firms or the loss of their ability to accept credit cards.
Genesco's lawsuit is the first to challenge Visa's practices for enforcing a major noncompliance penalty.
Genesco suffered a data breach in 2010, and Visa collected $5,000 fines from all of its merchant banks, many of which extracted the money from Genesco's accounts, according to the Wired report. Visa collected more than $13.3 million in penalties, and MasterCard extracted approximately $2.3 million.
According to court documents posted by Wired (PDF), the lawsuit alleges that Genesco's breach did not constitute a major violation of PCI compliance rules outlined by Visa, but the credit card firm exacted the fines anyway.
Visa did not respond to Wired's request for a comment.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025Shift Left: Integrating Security into the Software Development Lifecycle
Mar 5, 2025