Genesco Sues Visa Over $13 Million In PCI Noncompliance Penalties
Retailer says noncompliance fines exacted by Visa following breach were out of bounds
Retail giant Genesco is suing Visa over a fine of more than $13 million that the credit card firm exacted for noncompliance with PCI guidelines following a breach in 2010.
According to a report and court documents posted by Wired magazine, Genesco is alleging that Visa's practice of levying fines through merchant bank accounts was unfair under California law, where Visa is based.
Visa is a primary enforcer of the Payment Card Industry Data Security Standard (PCI), which outlines security standards that must be maintained by merchants that accept credit card payments. Merchants that fail to comply with the security guidelines outlined under PCI are subject to fines by credit card firms or the loss of their ability to accept credit cards.
Genesco's lawsuit is the first to challenge Visa's practices for enforcing a major noncompliance penalty.
Genesco suffered a data breach in 2010, and Visa collected $5,000 fines from all of its merchant banks, many of which extracted the money from Genesco's accounts, according to the Wired report. Visa collected more than $13.3 million in penalties, and MasterCard extracted approximately $2.3 million.
According to court documents posted by Wired (PDF), the lawsuit alleges that Genesco's breach did not constitute a major violation of PCI compliance rules outlined by Visa, but the credit card firm exacted the fines anyway.
Visa did not respond to Wired's request for a comment.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024