PCI Coverage in your Cyber Policy?

 

PCI DSS (the Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. If you have a data breach related to credit card transactions or information, the credit card brands (they are behind the PCI standards) could assess fines if they audit you and find you are not in compliance with the security standards for your “level” of card processing. Most of our Real Estate agency clients are considered Level 4, which means they process fewer than 20,000 transactions a year and are subject to a lower level of compliance.

Since Cyber Liability and PCI are related, PBI Group’s cyber liability policy has an available endorsement to help provide protection. In general, this coverage pays for fines and penalties assessed by the credit card brands (Visa, MasterCard, etc.) against your credit card processing bank, which are often passed on to the real estate agency.

Some Policy Definitions*:

Payment Card means an authorized account, or evidence of an account, for a credit card, debit card, charge card, fleet card or stored value card between a payment card brand (including, but not limited to Visa, Inc., MasterCard Incorporated, Discover Financial Services, American Express Company or JCB Company, Ltd.) and its customer.

Payment Card Industry Data Security Standard means the rules, regulations, standards or guidelines adopted or required by the Payment Card Brand or the Payment Card Industry Data Security Standards Council relating to data security and the safeguarding, disclosure and handling of Personal Information.

Payment Card Loss means monetary assessments, fines, penalties, chargebacks, reimbursements, and fraud recoveries which You become legally obligated to pay as a result of Your actual or alleged failure: of Network Security; or to properly handle, manage, store, destroy or otherwise control Personal Information, where such amount is determined pursuant to a payment card processing agreement between You and a payment card brand, a mobile payment services merchant agreement between You and a payment services provider, or demanded in writing from an issuing or acquiring bank that processes Your Payment Card transactions, due to Your actual or alleged non-compliance with the Payment Card Industry Data Security Standards, EMV specifications, or mobile payment security requirements. Payment Card Loss shall not include subsequent fines or assessments for continued noncompliance with the Payment Card Industry Data Security Standard, EMV Specifications, or a mobile payment services merchant agreement. Payment Card Loss also shall not include costs or expenses incurred to update or otherwise improve privacy or network security controls, policies or procedures to a level beyond that which existed prior to the loss event or to be compliant with Payment Card Industry

*Policy Language from Victor O. Schinnerer & Company