It’s actually pretty easy because it is fairly cheap. My pitch goes something like: “On average, it costs a business around $300 per customer once their data has been breached, to notify them, resolve the situation and restore the information. You have (x) # of customers…$300 x (x)= $x…This coverage is only $x, it will cost you $x per month.” Most people can’t say no, especially when it is a small doctor’s office, dentist, etc…
It helps that the Target situation has been in the media so much. I’m not selling it to prevent the situation, just to help the client get back on their feet and moving in the direction of being profitable again.
I think it’s funny that they are saying the EMV cards will be the savior and end this madness. It’s only going to cause guys like LZ to step their game up, or just apply different tactics they already know.
When I write the policy, they usually ask me what procedures are in place such as:
[ ] Criminal background check on all new hires
[ ] Access to data based on job function
[ ] Written Privacy Policy
[ ] Immediate restricted access to data upon employee termination
They ask how the CC data is stored, what is stored, etc…
The rate that I get is usually based on how many preventative measures are put in place prior to the breach happening. They have a pretty good idea who’s a good target based on their procedures and rate the policy accordingly. A good agent will work with the client prior to requesting the policy to ensure that they have the proper procedures in place prior to requesting a quote. Obviously, a lot of the older agents who have been doing this for years have no idea what to do when a breach happens. These are the guys who are losing policies to younger guys like myself who are evolving with the market and riding the wave of current trends.
It’s entertaining to see a rate based off number of records that could be lost and a few basic questions about security.
It would make sense that the company fall under some sort of testing or compliance to verify proper security controls are in place and someone didn’t just check a box on a form and lower their rate substantially.
Well, keep in mind that insurance is all based off statistics. They have a pretty good idea of what is going to happen prior to writing the policy. When a new type of market comes out, i.e. E-Cigz, nobody wants to touch it because there are no statistics of liability losses, products coverage, etc…
In the grand scheme of things, there are more people paying for the coverage and not using it, than people putting claims through. With as much hacking as we have seen, I certainly expect to see those rates start to increase as companies are paying more claims out. Keep in mind too, we are only writing this up to a certain amount. It’s not unlimited funds to restore things. If a client takes $25k in coverage, that could be used up in 50% of their customer base and they essentially self-insured themselves for the rest. These are all things that go into my calculation with the client prior to even quoting the policy.
The “liability shift” is a big moment in the changeover. Can you explain what it means?
Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.
So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.
The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.
The consumer isn’t liable for the money in the fraudulent transactions anyways.
This doesn’t fix anything to do with the internet; card not present and online transactions are a much larger issue…The majority of CC fraud takes place online.
I think in NYS you can be held to a max of $50 for unauthorized purchases. It’s been a while since I took accounting so I could be mistaken. Either way I get what you’re saying.
So how long do you guys think it will be before there is no cash? (I just saw a video of a guy trying to pay his mortgage with cash and the bank would not accept it. Obviously there is more to the story but it got me to thinking.)