With a data breach dispute between Visa Inc. and Nashville-based retailer Genesco Inc. heading toward a July 2014 trial, Visa lawyers are asking a federal judge to dismiss some claims in a lawsuit Genesco filed against the card brand.
In March, Genesco, the parent company of Journeys, Lids and Johnston & Murphy, filed a suit against Visa because the merchant's acquiring banks took $13 million from Genesco's account to cover fines Visa imposed following a 2010 breach of the retailer's payment card data.
Visa had fined Fifth Third Bank and Wells Fargo Bank $5,000 each, plus another $13.3 million to cover expenses and fraudulent charges made to accounts. The network accused the banks of failing to make sure their retailer client complied with the Payment Card Industry data security standard, which describes how companies must protect the card data they handle.
Meanwhile, Genesco claims its payments network was compliant with the PCI standard, while also stating it had found no evidence that account data was stolen.
Visa filed its motion last week in the U.S. District court in Nashville, saying two of Genesco's seven claims should be stricken on legal grounds, according to a report this week in The Tennessean.
Genesco has claimed from the start that hackers used a "packet sniffing" software that took advantage of a PCI security protocol, essentially allowing unencrypted transmission of account data to approve a mag-stripe transaction.
Genesco also argues that Visa's assessments were unjust and put Visa in violation of California's Unfair Competition Law.
In its motion, Visa says that claim should be stricken because the state law doesn't apply to contract disputes. Genesco also isn't seeking restitution, the only type of monetary award available under the law, Visa contends.
The court document indicates Visa intends to challenge Genesco's other legal claims at a later date. The court has not scheduled a hearing date on the motion, the Tennessean reports.
Lawyers for Genesco or Visa could not be reached by deadline.
The Genesco case has a similar ring to it as a Utah case involving Cisero's Ristorante and Nightclub, which is another example of a retailer filing suit as a result of an acquiring bank taking money from the retailer's account to cover data-breach fines.
The key difference is that Genesco's suit represents one of the first in which a retailer is directly suing the card brand over a PCI violation dispute, whereas Cisero's filed suit against its processor and acquiring bank.