After surviving Visa’s motion to dismiss, Genesco has filed a motion for summary judgment claiming that fines imposed by Visa under its PCI Compliance Program for a data breach were unenforceable under California law because they intended to punish rather than compensate. Genesco further alleged that Visa’s own internal documents support this characterization as punitive. Although many in the retail and payments space viewed Genesco’s chances as slim when this litigation was initiated, Genesco’s success to date could be a signal to other industry players that they should consider litigating the validity of fines issued under the PCI regime.

View the full story here (source: Main Justice).