IRVING, TX – Last month, Genseco sued Visa in the Tennessee
U.S. District Court over $13 million in assessments and non-compliance fees
that the card company had levied against the global retailer,
SwitchCommerce.com reports.
It was the first known case to dispute credit card company
fines based on the PCI-Data Security Standards (PCI-DSS) set by the Payment
Card Industry.
Visa had levied those fees against Fifth Third Financial and
Wells Fargo, banks that were responsible for processing credit card
information. While the banks paid the fines, they sought reimbursement from
Genesco as part of an agreement of indemnification.
The fines resulted from a cyber attack in December 2010 that
compromised customer data managed by Genesco.
According to Genesco’s complaint, Visa did not have the right
to decide whether Genesco complied with its PCI standards and that stolen
cardholder data did not lead to money stolen from consumer accounts as a result
of the hacking effort.
The case is being closely watched. If Genesco is successful,
the card companies will have less leverage in assessing PCI fines in the
future.