Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core

A repost of a very interesting article from Network Computing. World-wide, business have spent millions in achieving compliance to the PCI standard. If it transpires that the fines levied by the credit card companies are not legal, then the implications will be far reaching and will touch the whole ecosystem that has sprung up around PCI and compliance. Hundreds of companies and thousands of employees provides services and products in the PCI compliance sector and this judgement could have a significant impact on them.

Barry Hesk
Intrinsic Network Solutions

As the security industry digests the news that for the first time a merchant is taking a major card brand and its payment processor to court over PCI noncompliance fines, speculation has started to fly about the long-range impact the case could have on the PCI compliance ecosystem.

On its face, the $13 million complaint from Tennessee-based retailer Genesco against Visa seems like pretty standard business litigation. But according to some, the suit has the potential to disrupt PCI’s influence in the merchant community.

“It really doesn’t look on the first account to be a very big case, but it’s the first retailer that kind of goes up against the establishment,” says Torsten George, vice president of worldwide marketing, products, and support for Agiliance. “If the court would decide to reverse the penalties imposed on Genesco, it would really shake the foundation of the PCI Security Standards Council to its core.”

Last week, Genesco petitioned the court in Tennessee to order to reimburse the company for more than $13.3 million in penalties collected on behalf of the card brand by payment processors Wells Fargo And Fifth Third Financial Corp. following a 2010 data breach at the sports retailer. The heart of the case revolves around Visa’s contractual language about what constitutes noncompliance for the sake of the levying of fines. In its suit, Genesco contends that it was in compliance with PCI rules at the time of the breach.

Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core
Fri, 22 Mar 2013 14:02:00 GMT

Leave a Reply