GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Mobile payments 2013 - Part 2


Industry Update

Visa faces challenges to breach fines

FinCEN tackles regulation of virtual currency

10 debit networks pick Discover AID

PayPal co-founder continues innovation

Selling Prepaid

Prepaid in brief

Kaiku makes prepaid a lifestyle choice

Bluebird goes retro with check writing


Securing online payments in North America

Brian Crozier
NetPayment Solutions Inc.

The rise of e-money

Dave Wilkes
Fuze Network


Street SmartsSM:
Traded my drafting table for a demo bag

Dale S. Laszig
Castles Technology Co. Ltd.

Scenarios to avoid in portfolio sales

Adam Atlas
Attorney at Law

EMV for U.S. merchants: Effects and side effects of compliance

Peter Helderman

Company Profile

SCIL-EMV Academy

New Products

Next step, virtual POS

linked2pay virtual terminal
Company: Transmodus Corp.

Aloha to go

NCR Mobile Pay
Company: NCR Corp.


The long and short of service


Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

April 08, 2013  •  Issue 13:04:01

previous next

Visa faces challenges to breach fines

A complaint filed March 7, 2013, in the U.S. Middle District of Tennessee challenges fines Visa Inc. assessed after sports apparel retailer Genesco Inc. reported a data breach in its computer system.

The retailer claims the card company has no evidence that stored customer data was taken from company computers; therefore no industry security rules were violated, and the card company had no reason to assess fines. These allegations are similar to those made against Visa in Utah state court by Cisero's Ristorante Inc. of Park City, Utah, in 2011.

Genesco breach led to fines

In December 2010, criminals intercepted unencrypted data as it was being transmitted by Genesco to its financial institution and processor. The thieves used malware inserted into the Genesco system to acquire the data.

Genesco claims that, according to Payment Card Industry (PCI) Data Security Standard (DSS) security protocols "and consistent with longstanding and pervasive industry practice, the payment card account data required for approval of a mag-stripe-swipe transaction is permitted to be transmitted in unencrypted form during the transaction approval process."

Genesco also stated that at no time did the thieves gain access to stored payment card information in its network. It further said there is no forensic evidence that any accounts on its computers were compromised by the thieves and, because it lost no stored data, it is in compliance with the PCI DSS and not subject to Visa fines.

"Visa breached its contracts with the acquiring banks and violated applicable law by imposing and collecting the non-compliance fines and issuer reimbursement assessments, because the non-compliance fines and issuer reimbursement assessments are not authorized by the Visa International Operating Regulations (VIOR)," the complaint said.

Genesco reported it paid $13,298,900.16 in assessments and noncompliance fines directly or as a result of indemnity obligations it has with its acquiring banks. Genesco's bank and acquirer, Wells Fargo Bank N.A. and Fifth Third Financial Corp., respectively, have assigned to Genesco all rights to statutory and equitable claims against Visa in this matter.

Similarities to Utah case

In the Utah case, Cisero's claims it was unlawfully assessed fines after a 2008 investigation of an alleged data breach at the restaurant concluded $1.2 million in fraud losses were attributable to the theft of unprotected credit card data from the restaurant's computer system. However, Cisero's claims it paid for two independent forensic examinations of its computer system, both of which failed to find that any card information stored on its system was breached.

Cisero's allegations are in a counter claim it filed in response to a suit filed against it by its acquirer, Elavon Inc. The acquirer is suing Cisero's to recover $82,000 in fines imposed after a card company investigation deduced fraud losses stemmed from data stolen from the restaurant's computers.

Cisero's claims its merchant services contract with Elavon that allows the acquirer to pass on fines to the restaurant imposed by Visa following a data breach is an unfair contract of adhesion that the restaurant had no choice but to sign if it wanted to continue as a viable business. The allegedly unfair contract nullifies its merchant services agreement and the restaurant is not liable for data breach fines, the counter claim asserts. Cisero's also stated Elavon accepted fines without providing the restaurant an adequate way to defend itself or challenge the assessments.

Genesco's filing and Cisero's claim

Steve Cannon is an attorney representing Cisero's and Chairman of the Washington, D.C. , law firm Constantine Cannon, the firm that negotiated a $3 billion antitrust settlement for national retailers with Visa and MasterCard Worldwide in 2003. Cannon noted that the Cisero's claim is similar to Genesco's in that they both charge the VIOR are not enforceable and the fines and penalties are invalid.

Cannon pointed out that the unenforceability of the indemnification agreement with the acquirer is significantly not an issue in the Genesco case because the acquirer and bank signed over claim rights. "Our litigation is against U.S. Bank and Elavon. They started it," he said. "Genesco is skipping the banks and going right to Visa. Cisero's is different. We were the respondent." Cannon noted that both cases not only contend the breach fines are unenforceable, but they also question how Visa calculates fine assessments.

For additional news stories, please visit and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Board Studios