As Payments Source outlines, unprepared merchants risk a significant hit to their bottom line if they suffer a data breach.
All merchants that accept, process, transmit, or store payment cardholder data are subject to the Payment Card Industry Data Security Standard (PCI DSS). The PCI Security Standards Council, which maintains the standard, was launched on September 7, 2006 to ensure that merchants keep cardholder data in a secure environment. PCI DSS is not a law; it is a contractual requirement that the card brands impose through acquiring banks, and any merchant that holds a Merchant ID (MID) is bound by it regardless of size or transaction volume.
A revision to the standard, PCI DSS 3.1, was published in April 2015 and no longer accepts SSL (Secure Sockets Layer, all versions) or early TLS (Transport Layer Security 1.0) as strong cryptography; the Council set a migration deadline of June 30, 2016, later extended to June 30, 2018. In short, merchants must move from SSL and TLS 1.0 to TLS 1.1 or higher, with TLS 1.2 strongly recommended. E-commerce merchants will need to configure their web servers to offer only the newer TLS versions and turn off support for SSL and TLS 1.0, while brick-and-mortar businesses may need to update their payment applications and terminals.
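The web-server change described above, as an added example that is not from Payments Source, the PCI Council or R&R: a small Python script that audits nginx `ssl_protocols` directives for versions the standard no longer accepts and builds a server-side TLS context that refuses anything below TLS 1.2. The two nginx snippets are constructed for illustration (the weak pre-migration setting beside the corrected one) and the function names are my own.

```python
"""Check a TLS configuration against the PCI DSS 3.1 rule that SSL (all
versions) and early TLS (TLS 1.0) are no longer strong cryptography.

Two pieces:
  * audit_nginx_ssl_protocols(): scans nginx 'ssl_protocols' directives and
    reports any version the standard no longer accepts.
  * pci_server_context(): builds a Python ssl.SSLContext that only negotiates
    TLS 1.2 and above, for services written in Python.

The nginx snippets below are constructed for illustration; they are not
taken from any real deployment.
"""
import re
import ssl

# Versions PCI DSS 3.1 stopped accepting as strong cryptography.
FORBIDDEN = {"SSLv2", "SSLv3", "TLSv1"}
# TLS 1.1 is still permitted by the standard, but the Council strongly
# recommends TLS 1.2, so it is reported as a warning rather than a failure.
DISCOURAGED = {"TLSv1.1"}

# Constructed example of the pre-migration (weak) setting.
WEAK_NGINX = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate     /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;
}
"""

# Constructed example of the corrected setting.
HARDENED_NGINX = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate     /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;
}
"""

# Matches 'ssl_protocols <versions>;' at the start of a line.
_DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;]+);", re.MULTILINE)


def audit_nginx_ssl_protocols(config_text):
    """Return (forbidden, discouraged) protocol names found in ssl_protocols.

    Both are sorted lists; an empty 'forbidden' list means the file meets the
    SSL/early-TLS rule. If no ssl_protocols directive is present, nginx uses
    its compiled-in default, which this function cannot see, so the caller
    must check that default separately; nothing is reported in that case.
    """
    found = set()
    for match in _DIRECTIVE.finditer(config_text):
        found.update(match.group(1).split())
    return sorted(found & FORBIDDEN), sorted(found & DISCOURAGED)


def pci_server_context(certfile=None, keyfile=None):
    """Build a server-side SSLContext that refuses SSLv3, TLS 1.0 and TLS 1.1.

    certfile/keyfile are optional so the function can be exercised without a
    certificate on disk; a real deployment passes both.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def context_is_compliant(ctx):
    """True if the context cannot negotiate anything below TLS 1.2."""
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    for label, text in (("weak", WEAK_NGINX), ("hardened", HARDENED_NGINX)):
        forbidden, discouraged = audit_nginx_ssl_protocols(text)
        print(f"{label}: forbidden={forbidden} discouraged={discouraged}")
    print("python context compliant:", context_is_compliant(pci_server_context()))
```

Run it against a real nginx configuration by passing the file contents to `audit_nginx_ssl_protocols`; a non-empty first list is a finding that must be fixed before the assessment, and a server block with no `ssl_protocols` line at all should be treated as unknown until the build's default is confirmed.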
Unprepared merchants face a significant risk of fines and penalties if they suffer a data breach. A security engineer at Trustwave told Payments Source that the fines and penalties could range from $100,000 to $500,000. In addition, penalties may include breach expenses ranging from $50,000 to $100,000, a $50 re-issuance fee per compromised card, and $2 per customer for credit monitoring. These penalties come on top of the wide variety of expenses required to comply with breach notification laws.
Cyber and data breach insurance policies generally include coverage for breach notification expenses, credit monitoring, and identity theft repair, but only some (not all) policies also cover PCI fines and penalties, so check your policy wording before you need it. At R&R, we can customize a policy to fit the needs of your organization. Contact a knowledge broker to make sure you are prepared.