Retailers do have their sympathizers. "The best outcome for the industry would be for this lawsuit to lead to the creation of an independent governing body that would assess PCI compliance to the set guidelines," said Torsten George, vice president of worldwide marketing, products and support for security vendor Agiliance.
However, Chuvakin and Kindervag said such an independent body is not warranted. "It's a business arrangement," Kindervag said. "If you don't want to deal with PCI, then don't take credit cards in your business."
The only other case similar to Genesco's is a lawsuit filed last year by Utah restaurant owners against US Bank, which the restaurateurs claim wrongfully seized money from their merchant accounts, Wired reports.
The seizure occurred after Visa and MasterCard imposed fines, claiming the restaurant owners failed to secure their network, which led to fraudulent credit-card charges. The case is still pending.
Sign up for CIO Asia eNewsletters.