Sports retailer Genesco is suing Visa for $13.3 million following a security breach, alleging the Payment Card Industry’s fines are too arbitrary, according to eWEEK. The specialty sports-apparel company filed a lawsuit against Visa on March 7 to recover losses from fraudulent transactions.
The Payment Card Industry’s Data Security Standards force companies to respect several security standards or else face fines from the industry.
â€œThis is one of the first cases making it into the public where the merchant is saying â€˜I’m sick and tired of being put into a position where I basically have no choices and I’m sick and tired of being a slave of the system,â€™â€ Torsten George, vice president for risk-management firm Agiliance, told eWEEK. â€œMerchants want to try to get more objective treatment from the credit-card companies.â€
The lawsuit comes after Genesco suffered a cyber-attack in 2010. The attackers installed a packet sniffer on the company’s network to steal sensitive information sent to banks. The sports retailer provided limited details about the breach, but said the attackers didnâ€™t manage to grab card data stored on the system.
In January of this year, the banks the retailer worked with were forced to pay two large fees, but passed them on to Genesco.
â€œVisa’s imposition of the (fines) is a violation of Visa’s contract (with the banks), because at the time of the intrusion and all other relevant times, Genesco was in compliance with the PCI-DSS requirements,” the court documents read.
If the judge agrees, credit-card companies would not be allowed to fine merchants except for provable losses, which will limit enforcement of the industryâ€™s security standards.