{"id":2343,"date":"2013-03-18T00:00:00","date_gmt":"2013-03-18T00:00:00","guid":{"rendered":"http:\/\/otava.test\/genesco-sues-visa-over-pci-noncompliance-fines\/"},"modified":"2013-03-18T00:00:00","modified_gmt":"2013-03-18T00:00:00","slug":"genesco-sues-visa-over-pci-noncompliance-fines","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/","title":{"rendered":"Genesco Sues Visa Over PCI Noncompliance Fines"},"content":{"rendered":"

On March 7th, the sportswear company Genesco filed a lawsuit against Visa. The issue? In 2010 Genesco\u2019s computer system was breached, potentially allowing customer credit card information to be accessible to attackers. Due to this data breach, Visa charged Genesco with over $13 million in fines for noncompliance with the Payment Card Industry Data Security Standards (PCI-DSS).<\/p>\n

Now, Genesco is claiming that the attackers did not access any stored payment card data from their systems, but was trying to get the data as it was being transmitted to credit card processors using packet-sniffing malware on the company\u2019s network. Coming straight from the Genesco complaint<\/a>:<\/p>\n

The feature of the payment card system that the criminals sought to exploit in the Intrusion is that, according to PCI DSS security protocols and consistent with longstanding and pervasive industry practice, the payment card account data required for approval of a mag-stripe-swipe transaction is permitted to be transmitted in unencrypted form during the transaction approval process.<\/em><\/p>\n

The fines imposed on merchants after a data breach are supposed to be for their failure to meet PCI standards, resulting in noncompliance, but Genesco attests in their complaint that they were compliant at the time of the breach.<\/p>\n

Also, Visa stated at the time of the breach that every Visa card processed by Genesco from December 2009 through December 2010 had been compromised, which is another assertion Genesco disagrees with, stating that when their servers reboot any cardholder data that may have been temporarily stored in log files would have been overwritten. This would mean a slim chance of a whole year\u2019s worth of data being stored within their system. Genesco also claims that Visa has no forensic evidence that the aforementioned accounts had, in fact, been compromised.<\/p>\n

This lawsuit is the first recorded in which a merchant has challenged the PCI noncompliance fines after a data breach. Mastercard also imposed fines, but currently Genesco has not filed a lawsuit against them for them.<\/p>\n

\n

\"PCI<\/a>Looking for more information on PCI hosting requirements, recommendations, and the foundation of a secure PCI compliant data center<\/a>?<\/p>\n

Download our PCI Compliant Hosting white paper<\/a> now for a complete guide to PCI hosting with IT vendors.<\/p>\n

Still have questions? <\/strong>Contact us<\/a> or chat<\/a> with us now. Find out more about our fully compliant, PCI hosting<\/a> solutions, or submit a quote request<\/a> for your project today.<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

On March 7th, the sportswear company Genesco filed a lawsuit against Visa. The issue? In 2010 Genesco\u2019s computer system was breached, potentially allowing customer credit card information to be accessible to attackers. Due to this data breach, Visa charged Genesco with over $13 million in fines for noncompliance with the Payment Card Industry Data Security Standards (PCI-DSS). Now, Genesco is claiming that the attackers did not access any stored payment card data from their systems, but was trying to get the data as it was being transmitted to credit card processors using packet-sniffing malware on the company\u2019s network. Coming straight from the Genesco complaint: The feature of the payment card system that the criminals sought to exploit in the Intrusion is that, according to PCI DSS security protocols and consistent with longstanding and pervasive industry practice, the payment card account data required for approval of a mag-stripe-swipe transaction is permitted to be transmitted in unencrypted form during the transaction approval process. The fines imposed on merchants after a data breach are supposed to be for their failure to meet PCI standards, resulting in noncompliance, but Genesco attests in their complaint that they were compliant at the time of the breach….<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2343","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nGenesco Sues Visa Over PCI Noncompliance Fines | OTAVA<\/title>\n<meta name=\"description\" content=\"Sportswear company Genesco filed a lawsuit against Visa over an alleged data breach of its systems and a resulting PCI compliance breach fine of $13M.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Genesco Sues Visa Over PCI Noncompliance Fines\" \/>\n<meta property=\"og:description\" content=\"Sportswear company Genesco filed a lawsuit against Visa over an alleged data breach of its systems and a resulting PCI compliance breach fine of $13M.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-03-18T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Genesco Sues Visa Over PCI Noncompliance Fines\",\"datePublished\":\"2013-03-18T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\"},\"wordCount\":398,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\",\"url\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\",\"name\":\"Genesco Sues Visa Over PCI Noncompliance Fines | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\",\"datePublished\":\"2013-03-18T00:00:00+00:00\",\"description\":\"Sportswear company Genesco filed a lawsuit against Visa over an alleged data breach of its systems and a resulting PCI compliance breach fine of $13M.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Genesco Sues Visa Over PCI Noncompliance Fines\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Genesco Sues Visa Over PCI Noncompliance Fines | OTAVA","description":"Sportswear company Genesco filed a lawsuit against Visa over an alleged data breach of its systems and a resulting PCI compliance breach fine of $13M.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/","og_locale":"en_US","og_type":"article","og_title":"Genesco Sues Visa Over PCI Noncompliance Fines","og_description":"Sportswear company Genesco filed a lawsuit against Visa over an alleged data breach of its systems and a resulting PCI compliance breach fine of $13M.","og_url":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/","og_site_name":"OTAVA","article_published_time":"2013-03-18T00:00:00+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Genesco Sues Visa Over PCI Noncompliance Fines","datePublished":"2013-03-18T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/"},"wordCount":398,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/","url":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/","name":"Genesco Sues Visa Over PCI Noncompliance Fines | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","datePublished":"2013-03-18T00:00:00+00:00","description":"Sportswear company Genesco filed a lawsuit against Visa over an alleged data breach of its systems and a resulting PCI compliance breach fine of $13M.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Genesco Sues Visa Over PCI Noncompliance Fines"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2343"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2343\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2343"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}