Watch how real shit gets the next few years (China hacking everyone)


#61

It’s actually pretty easy because it is fairly cheap. My pitch goes something like: “On average, it costs a business around $300 per customer once their data has been breached, to notify them, resolve the situation and restore the information. You have (x) # of customers…$300 x (x)= $x…This coverage is only $x, it will cost you $x per month.” Most people can’t say no, especially when it is a small doctor’s office, dentist, etc…

It helps that the Target situation has been in the media so much. I’m not selling it to prevent the situation, just to help the client get back on their feet and moving in the direction of being profitable again.

I think it’s funny that they are saying the EMV cards will be the savior and end this madness. It’s only going to cause guys like LZ to step their game up, or just apply different tactics they already know. :slight_smile:


#62

Does the insurance policy still cover you if they determine gross negligence when you incur a breach?

EMV cards/full encryption & tokenization at swipe make it incredibly hard and people will move onto easier targets


#63

When I write the policy, they usually ask me what procedures are in place such as:

[ ] Criminal background check on all new hires
[ ] Access to data based on job function
[ ] Written Privacy Policy
[ ] Immediate restricted access to data upon employee termination

They ask how the CC data is stored, what is stored, etc…

The rate that I get is usually based on how many preventative measures are put in place prior to the breach happening. They have a pretty good idea who’s a good target based on their procedures and rate the policy accordingly. A good agent will work with the client prior to requesting the policy to ensure that they have the proper procedures in place prior to requesting a quote. Obviously, a lot of the older agents who have been doing this for years have no idea what to do when a breach happens. These are the guys who are losing policies to younger guys like myself who are evolving with the market and riding the wave of current trends.


#64

It’s entertaining to see a rate based off number of records that could be lost and a few basic questions about security.

It would make sense that the company fall under some sort of testing or compliance to verify proper security controls are in place and someone didn’t just check a box on a form and lower their rate substantially.


#65

Well, keep in mind that insurance is all based off statistics. They have a pretty good idea of what is going to happen prior to writing the policy. When a new type of market comes out, i.e. E-Cigz, nobody wants to touch it because there are no statistics of liability losses, products coverage, etc…

In the grand scheme of things, there are more people paying for the coverage and not using it, than people putting claims through. With as much hacking as we have seen, I certainly expect to see those rates start to increase as companies are paying more claims out. Keep in mind too, we are only writing this up to a certain amount. It’s not unlimited funds to restore things. If a client takes $25k in coverage, that could be used up in 50% of their customer base and they essentially self insured themselves for the rest. These are all things that go into my calculation with the client prior to even quoting the policy.


#66

I think “computer security” is a scam. Those two words should never be used together. lol


#67

It’s all relative. Some liberals think they have traded in our freedoms for “security”, right?


#68

Explain?

10 years ago you could find a way to hack into almost any computer/server on the internet with no user interaction.

Fast forward today where the internet is much larger and the likelihood of breaking into a computer with no user interaction is much lower.


#69

“much lower” sounds like a vague govt term used when they know the actual facts would not be appealing. :wink:

The odds of the TSA violating your rights is “much lower” than you think.

I am just funning with you because there have been so many breaches in the headlines lately. :smiley:


#70

computers are a fad


#71

I never said they were a fad but, they are the work of the Devil. :slight_smile:


#72

@LZ1 check this article out, looks like we were both right.

The “liability shift” is a big moment in the changeover. Can you explain what it means?

Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.

So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.

The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.


#73

2015 good luck with that most of those POS systems are Windows XP based still.

Also this http://dev.inversepath.com/download/emv/emv_2011.pdf

EMV doesn’t do anything for online transactions either :frowning:


#74

So basically pay with cash when possible?


#75

Agreed on both accounts. It’s not a perfect system, but at least they care to do SOMETHING.


#76

Who cares?

The consumer isn’t liable for the money in the fraudulent transactions anyways

This doesn’t fix anything to do with the internet card not present and online transactions are a much larger issue… The majority of CC fraud takes place online.

Some good posts here on the subject - https://pciguru.wordpress.com/tag/emv/


#77

I’m not disagreeing with ya… Online is a whole other beast and problem. Will check out the link.


#78

I think in NYS you can be held to a max of $50 for unauthorized purchases. It’s been a while since I took accounting so I could be mistaken. Either way I get what you’re saying.


#79

I use cash for everything I can.

So how long do you guys think it will be before there is no cash? (I just saw a video of a guy trying to pay his mortgage with cash and the bank would not accept it. Obviously there is more to the story but it got me to thinking.)


#80

It’s much easier to do forensic accounting with digital blips & blops. Shouldn’t be long now.