Insuring Against Fraud, Data Breaches
A few insurance companies provide policies for credit card fraud and data breaches, covering both a merchant’s hard cost of fraudulent sales and any liability for data breaches. AIG, the publicly-traded insurance company, was one of the first.
AIG’s insurance policy
AIG has offered Web Merchant Guard since 2001, a policy “designed for merchants that take card-not-present transactions and looking for catastrophic protection from online fraud,” says Mark Camillo, AVP for AIG’s Identity Theft and Fraud Group. “It’s not something that’s going to pay for the first dollar of loss, but it will pay for fraud that exceeds your normal level.”
The annual deductible for Web Merchant Guard is typically around 1 percent of a merchant’s total sales, with premiums of several thousand dollars per year. Three to six other insurance companies offer similar coverage.
Fraud has serious repercussions
“I don’t think small merchants are aware of the repercussions of fraud,” says Dan Clements, president of Card Cops, a website that gathers compromised personal information from cyberspace and makes it available to consumers, merchants, and banks for pro-active fraud fighting. “They look at a report like this and think, big deal, but it’s a real drag to have one of your transactions cost you the next 15 sales just to make up for it.”
AIG also offers Corporate Identity Protection to cover the cost associated with the breach of private customer information. Six to 10 other insurances companies offer similar coverage.
“What we cover is the liability and expenses a merchant would experience in the event of a data breach: cost to give notice, legal representation re: expenses and damages as a result of a lawsuit, cost of providing credit protection services to customers….,” says Nancy Callahan, divisional vice president of the AIG Identity Theft and Fraud Division. “What this policy doesn’t cover is PCI fines and penalties.”
This type of policy starts at an annual premium of $500, but Callahan says the average small business pays about $5,000 per year for $100,000 in breach coverage. Deductibles start as low as $1,000, though most common is $5,000 to $10,000 says Callahan.