GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Gen Y poised to rock payments

News

Industry Update

Senate committee brings interchange to account

W.net set for Boot Camp

Opening Pandora's Box?

HMS' parent sold

Alleged TJX cyber criminals indicted

Payments primed for new growth

To listen actively

Vicki M. Daughdrill
Small Business Resources LLC

Features

GS Advisory Board:
What's up in this downturn? - Part I

In transit with the unbanked

ISOMetrics:
Generation Y not?

Views

Banking on generational changes

Patti Murphy
The Takoma Group

Education

Street SmartsSM:
Telemarketing - The horn of plenty

Jason Felts
Advanced Merchant Services

Bold new mode in modems

Dale S. Laszig
DSL Direct LLC

It really isn't what you know

Nancy Drexler
SignaPay Ltd.

The buyers are back

Lane Gordon
MerchantPortfolios.com

To listen actively

Vicki M. Daughdrill
Small Business Resources LLC

The buyers are back

Lane Gordon
MerchantPortfolios.com

Company Profile

IMS Inc.

New Products

Mirror success with facecard

facecard
Company: edő Interactive

Data breach insurance has your back

Merchant Data Security Policy
C.L. Frates and Company

Inspiration

Burnish legacy with mentoring

Burnish legacy with mentoring

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

August 25, 2008  •  Issue 08:08:02

previous next

New Products

Data breach insurance has your back

Product: Merchant Data Security Policy

At the 2007 Northeast Acquirers Association Conference, Tom Mulligan, Vice President of C.L. Frates and Co., heard the buzz about the TJX Companies Inc. security breach - the largest in U.S. history. Mulligan and his colleagues at the Oklahoma City-based insurer wondered why there wasn't an insurance policy that covered merchants (and their acquirers) should a breach occur.

So the insurer tweaked their Corporate Identity Protection Policy to create the Merchant Data Security Policy.

In case of a breach, the policy covers level 2, 3 and 4 merchants up to $50,000. The policy covers the costs of the mandatory audit required by the card networks as a result of a data breach; the policy also pays for the ensuing monetary assessments or fines levied by the networks and the time and expense of the audit. Moreover, the costs of card replacement and state-required notification letters are also included.

The policy, underwritten by worldwide insurer International Insurance Group Inc., requires no deductibles. ISOs and merchant acquirers are set up on the policy at a cost of $2 or less per merchant, depending on the size of the portfolio. Acquirers can mark up the cost of the policy to their merchants if they so choose.

Rest easy

Mulligan called the policy "sleep-at-night coverage," especially for level 3 and 4 merchants. Although the networks technically punish the banks for data breaches, the costs are passed along to the ISOs and acquirers which, in turn, pass along the costs to merchants, Mulligan said.

"Ultimately it comes down to the merchants and they are liable to pay the forensic exam, the fines and penalties," he said. Forensic exams start at around $10,000. For level 4 merchants in particular, that's a lot of money.

"So if your merchant is Dan's Shoestore in San Francisco, you may not have $10,000 to spare," Mulligan said. "That's the first bill." He added that the second bill comes after the forensic audit, when the card companies say, "'Well, hey, Dan's Shoestore, they were out of compliance that day, so we're going to fine them $20,000 every month that they're out of compliance.'"

Because of their smaller finacial size, level 4 merchants are most at risk if a breach should take place. Mulligan put it bluntly:

"If you've got a level 2 that has a breach, they probably have the financial resources to pay $50,000 or $100,000, $200,000. The $50,000 would help offset [the costs], but it probably wouldn't pay the whole thing.

"It wouldn't put my level 2 merchant out of business. Level 3 it might. And level 4 it probably definitely would."

Be prepared

C.L. Frates has met with resistance from acquirers that argue they have no need for data breach insurance, since acquirers routinely ferret away funds to be used in case one of their merchants is breached.

Mulligan counters that the policy is a tax deductible item. Furthermore, the policy provides liability insurance to acquirers if they are sued because of a breach.

But Mulligan also said the policy has other benefits that rainy day funds do not provide. Included in the policy is a crisis management service for affected merchants, as well as identity recovery services for consumers.

Both services are designed to mitigate damage to merchants' reputations, keep them in business and retain their customers.

Mulligan also considers the policy a perfect value added service ISOs and merchant level salespeople can sell to merchants.

"The sales team of the ISO can let every merchant know that starting X date, they are not liable for the first $50,000 of a breach, they're fully protected, and there is an insurance policy written through AIG, the largest insurance company in the world, that is there backing them up," Mulligan said.

C.L. Frates and Company
800-221-1825 ext. 409
www.clfrates.com

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios