Data Breach Security Program

Q.   “What is the Data Breach Security Program?” 

A.   The Data Breach Security Program is an innovative product designed specifically to help merchants meet the potentially devastating expenses that result from a suspected or actual breach of customers’ payment data.


Q.   “What kinds of expenses could I incur with a data breach?”

A.   Merchants can incur thousands of dollars in costs when confronted with a suspected or an actual breach of customer data. These costs include audit expenses, card monitoring and replacement costs, and fees imposed by the card associations. It’s possible to incur as much as $20,000 in fees just for a suspected breach – and that number can go significantly higher.


Q.   “What does the program cover?”

A.   The Data Breach Security Program covers merchants that enroll with up to $100,000 per location for:

  • Fines and penalties levied by the card associations as a result of the data security breach
  • Card replacement costs and related expenses 
  • Costs of a security assessment by a qualified security assessor and/or a forensic audit conducted to determine the cause and extent of a data breach 
  • Post-breach service expenses 

Q.   “Is there any deductible?” 

A.   No, there is never any deductible for Data Breach Security Program claims.


Q.   “I already pay PCI DSS fees for data security. Why do I need breach coverage as well?”

A.   Payment Card Industry Data Security Standards (PCI DSS) fees are required by Visa, MasterCard and Discover for all merchants who store, process or transmit data; they cover the cost to ensure that cardholder data is kept secure. 

The Data Breach Security Program is coverage designed to protect the merchant against fees that are incurred if a breach occurs. It’s an extra level of protection against fees that could have a significant negative impact on the future of your business. 


Q.   “Do I have to be PCI DSS compliant to be eligible for the Breach Security Program?”

A.   No; however, we highly recommend that all merchants comply with PCI DSS regulations. And any merchant that experiences a breach must become compliant before it can enter or re-enter the Data Breach Security Program.


Q.   “I’m considered a Level 4 merchant, with less than 20,000 Visa e-commerce transactions and less than 1 million overall Visa transactions per year. Is there really a chance that a business of my size could experience a breach?”

A.   Absolutely! At a recent industry summit, experts reported that hackers are now targeting small and mid-size businesses, believing that they are easier targets. The cost of a single data breach for a Level 4 merchant is approximately $36,000. In fact, industry reports say that approximately 85 percent of security breaches occur in Level 4 businesses.


Q.   “I don’t store magnetic stripe data. Can I still be breached?”

A.   Yes! While merchants that store magnetic stripe data are particularly vulnerable to a breach, any merchant can experience a security breach. Causes include missing or outdated security patches, vendor-supplied default settings and passwords, SQL injection by hackers, poor business practices, or simple employee dishonesty or theft. Any or all of these conditions can lead to a security breach, even without stored magnetic stripe data.


Q.   “How does the Data Breach Security Program work if I experience a breach?”

A.   The process is simple and starts with a quick online form:

  • Complete an online claim form at www.merchantdatabreach.com
  • Submit documentation to the acquiring bank or card brand that advises of a breach
  • Choose a qualified security assessor to perform an audit determining if a breach has occurred and how it happened
  • Submit the invoice provided by the assessor
  • Submit request for reimbursement of fines associated with remediating the breach

Q.   “Where can I get more information?”

A.   Please contact your local representative for additional information.