Retailer says noncompliance fines exacted by Visa following breach were out of bounds
Retail giant Genesco is suing Visa over a fine of more than $13 million that the credit card firm exacted for noncompliance with PCI guidelines following a breach in 2010.
According to a report and court documents posted by Wired magazine, Genesco is alleging that Visa's practice of levying fines through merchant bank accounts was unfair under California law, where Visa is based.
Visa is a primary enforcer of the Payment Card Industry Data Security Standard (PCI), which outlines security standards that must be maintained by merchants that accept credit card payments. Merchants that fail to comply with the security guidelines outlined under PCI are subject to fines by credit card firms or the loss of their ability to accept credit cards.
Genesco's lawsuit is the first to challenge Visa's practices for enforcing a major noncompliance penalty.
Genesco suffered a data breach in 2010, and Visa collected $5,000 fines from all of its merchant banks, many of which extracted the money from Genesco's accounts, according to the Wired report. Visa collected more than $13.3 million in penalties, and MasterCard extracted approximately $2.3 million.
According to court documents posted by Wired (PDF), the lawsuit alleges that Genesco's breach did not constitute a major violation of PCI compliance rules outlined by Visa, but the credit card firm exacted the fines anyway.
Visa did not respond to Wired's request for a comment.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024