Practical Ecommerce

Insuring Against Fraud, Data Breaches

A few insurance companies provide policies for credit card fraud and data breaches, covering both a merchant’s hard cost of fraudulent sales and any liability for data breaches. AIG, the publicly-traded insurance company, was one of the first.

AIG’s insurance policy

AIG has offered Web Merchant Guard since 2001, a policy “designed for merchants that take card-not-present transactions and looking for catastrophic protection from online fraud,” says Mark Camillo, AVP for AIG’s Identity Theft and Fraud Group. “It’s not something that’s going to pay for the first dollar of loss, but it will pay for fraud that exceeds your normal level.”

The annual deductible for Web Merchant Guard is typically around 1 percent of a merchant’s total sales, with premiums of several thousand dollars per year. Three to six other insurance companies offer similar coverage.

Fraud has serious repercussions

“I don’t think small merchants are aware of the repercussions of fraud,” says Dan Clements, president of Card Cops, a website that gathers compromised personal information from cyberspace and makes it available to consumers, merchants, and banks for pro-active fraud fighting. “They look at a report like this and think, big deal, but it’s a real drag to have one of your transactions cost you the next 15 sales just to make up for it.”

AIG also offers Corporate Identity Protection to cover the cost associated with the breach of private customer information. Six to 10 other insurances companies offer similar coverage.

“What we cover is the liability and expenses a merchant would experience in the event of a data breach: cost to give notice, legal representation re: expenses and damages as a result of a lawsuit, cost of providing credit protection services to customers….,” says Nancy Callahan, divisional vice president of the AIG Identity Theft and Fraud Division. “What this policy doesn’t cover is PCI fines and penalties.”

This type of policy starts at an annual premium of $500, but Callahan says the average small business pays about $5,000 per year for $100,000 in breach coverage. Deductibles start as low as $1,000, though most common is $5,000 to $10,000 says Callahan.

Jennifer D. Meacham

Jennifer D. Meacham

Bio   •   RSS Feed


Sign up for our email newsletter

Get the Practical Ecommerce RSS feed

Comments ( 2 )

  1. Legacy User April 21, 2008 Reply

    Massive increase in fraud crimes should make the government and banks realise that their data protection and Chip and PIN systems are diverting rather than deterring fraud crimes.

    This shows that fraud will continue to grow until they exploit KEY and PIN system described on website which will deter BOTH identity and card fraud by making signature and PIN systems reliable and foolproof.

    Fake documents have made our signature system unreliable while skimmers and pin-hole cameras etc. have made PIN system unreliable. We have option to make signatures reliable by personalising them with ID stickers and option to use Card Key Code to make PIN system reliable to make use of stolen and skimmed cards meaningless. By ignoring to exploit this system banks are only letting fraud crimes grow.

    ID KEY system will eliminate the need for us to protect our personal and card details since fraudsters will be deterred from misusing these stolen details.

    Proposed ID KEY can be treated as a reliable international ID card because it will personalise signature and PIN number to only the right individuals in any country.

    We hope that the government and banks will appreciate these details and exploit KEY and PIN system before it is too late to stop a fraud boom.

    — *Roger*

  2. Stephanie Walsh August 12, 2008 Reply

    about credit card breach insurance:

    I received an "offer" from my payment processor, RBS Lynk, to pay $9.99 a month for credit card breach protection.

    Is this another gimmick to make me pay for something I don’t need?

    I never receive or see my customers’ credit card numbers. That’s taken care of by, my payment authorizer. I also use their Fraud Detection Suite.

    RBS Lynk signed me up and I have to opt out after the first month or get automatically charged.

    My only business is online.

    BTW, this is not a complaint against RBS Lynk. I enjoy working with them.