Tennessee-based retailer Genesco has filed the first lawsuit challenging PCI compliance-related fines issued by Visa—a case that could change the way PCI compliance is treated in the future.
In March, Genesco filed suit against Visa for $13.3 million in non-compliance fines issued by the credit card company. Visa and MasterCard charged Wells Fargo and Fifth Third, which processed credit and debit transactions for Genesco, a combined $15.5 million in fines.
The suit challenges Visa’s previous claims of non-compliance, and the complaint maintains that Genesco was compliant with PCI guidelines. The suit said Visa issued the fine arbitrarily, due to a lack of evidence that any cardholder data was stolen during a 2010 security breach.
“This is the first time that a merchant has actively argued against PCI compliance,” Terrance Howard, whose site helps businesses find PCI-compliant web hosting for their websites, said. “Genesco just may be setting a new legal precedent for fighting future noncompliance fines.”
The company’s complaint includes breach-of-contract claims and alleged violations of California’s unfair business practices law. Visa has moved to dismiss the complaint, though Genesco has not yet filed a response.
PCI guidelines were established in 2004 as a set of obligations that requires merchants who accept electronic payments to meet a number of standards intended to protect cardholder data. Since the implementation of the standards, merchants have been fined millions of dollars in noncompliance fees. Genesco is the first company to file a direct suit against a credit card company to fight noncompliance fees.