Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Retailer Sues Visa Over $13 Million 'Fine' for Being Hacked

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 13 Mar 2013 01:20:04 -0500 (CDT)
http://www.wired.com/threatlevel/2013/03/genesco-sues-visa/

By Kim Zetter
Threat Level
Wired.com
03.12.13
A sports apparel retailer is fighting back against the arbitrary multi-million-dollar penalties that credit card companies impose on banks and merchants for data breaches by filing a first-of-its-kind $13 million lawsuit against Visa.
The suit takes on the payment card industry’s powerful money-making system of punishing merchants and their banks for breaches, even without evidence that card data was stolen. It accuses Visa of levying legally unenforceable penalties that masquerade as fines and unsupported damages and also accuses Visa of breaching its own contracts with the banks, failing to follow its own rules and procedures for levying penalties and engaging in unfair business practices under California law, where Visa is based.
It’s the first known case to challenge card companies over the self-regulated PCI security standards — a system that requires businesses accepting credit and debit card payments to implement a series of technological steps to secure card data. The controversial system, imposed on merchants by credit card companies like Visa and MasterCard, has been called a “near scam” by a spokesman for the National Retail Federation and others who say it’s designed less to secure card data than to profit credit card companies while giving them executive powers of punishment through a mandated compliance system that has no oversight.
When a breach occurs, the card companies collect their fines from the third-party banks that process the card transactions, instead of the merchants, who have more incentive to fight the fines. Third-party banks then simply collect the money from the customer’s account or sue them for uncollected balances, using the indemnification clauses in their contracts to justify it. The card companies collect their fines with no hassle and merchants, in the meantime, are left fighting to dispute the fines and get their money back from the card companies. 

[...]


______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org
Previous By Date Next
Previous By Thread Next

Current thread: