Big credit card companies are strict about what they expect from merchants when it comes to protecting credit card data from hackers. When retailers sign up to use Visa or other cards, they agree to safeguard data in certain ways. And if they get hacked, the penalties can be heavy.
Now the Tennessee-based retail chain Genesco is suing Visa, saying the penalty it paid for a data breach was wrong. Genesco, the company behind shopping mall stalwarts Johnston and Murphy, Journeys, and Lids, argues that, while a hacking tool was found in their system, there is no evidence hackers actually accessed sensitive information.
Though strict security standards may benefit customers, credit card companies may have overstepped their role in issuing penalties, according to Kim Zetter, senior writer at Wired.
"They have taken on the position of a federal regulatory agency," says Zetter. "Generally what happens is a company gets hacked and there might be a class action lawsuit from the customers whose data was stolen, but in this case it’s the credit card companies, and they are making millions off of this."