PCI Compliance Insurance


What is PCI?

Payment Card Industry.  The payment card industry consists of all the organizations that store, process, and transmit cardholder data, most notably for debit cards and credit cards.  Security standards used throughout the industry, including the Data Security Standard requirements, are developed by the Payment Card Industry Security Standards Council.

What is PCI Compliance?


The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept or process credit card payments and transactions.  PCI requirements address areas of risk management related to payment card processing, such as implementing and maintaining information security policies, monitoring and testing networks, and protecting cardholder data.  If your company intends to accept card payments and to store, process, and transmit cardholder data, you need to host that data securely with a PCI compliant hosting provider.  All merchants fall into one of four merchant levels based on the volume of VISA, MasterCard, American Express, and Discover transactions for which they process, store, or transmit payment cardholder data.


Why do you need PCI Compliance Insurance?


A merchant who seeks to accept credit card payments generally signs a merchant services agreement (MSA) with an acquiring bank (the financial institution that enters an electronic transaction into the collection stream).  An MSA contract requires the merchant to comply with the PCI DSS standards.  In the event of a payment card breach, a merchant may face PCI DSS fines and may be assessed additional fees by the acquiring bank.  Additional costs include reputational damage, loss of customer trust, and harm to the business brand.  A cardholder data breach and the subsequent non-compliance fines and fees can be a tough pill for large companies to swallow, and they can be disastrous for SMBs (small and medium size businesses).

PCI Compliance Claim Scenario:

In June of 2014 the restaurant chain P.F. Chang’s discovered a data breach which involved 33 restaurant locations and compromised the credit card data of approximately 60,000 customers.  In addition to notification costs, fees, and PCI DSS assessment charges, the restaurant retail chain also had to defend against a class action suit from the customers affected by the breach.  The total cost of the loss was roughly $3.5 million.

What does PCI Compliance Insurance Cover?

Not all PCI compliance insurance policies are the same.  Some of the following coverages are available through a cyber security and privacy insurance coverage form:
Third-Party Liability Coverage, including Cyber, Privacy and Network Security Liability, Payment Card Loss, and Regulatory Proceedings
First-Party Coverage, including a Cyber Incident Response fund, Digital Data Recovery, Telephone Toll Fraud, and Network Extortion
Some policies also include Cyber Crime coverages such as Computer Fraud and Funds Transfer Fraud.