Will insurance cover data breach of credit card information? Whether or not PCI Compliant?

The typical business general liability insurance policy provides ZERO insurance coverage. A special policy referred to as Cyber Liability Insurance includes a section called Network Security coverage that protects you for both first-party and third-party liabilities arising from a data breach event. In order to get the special insurance, a merchant must be PCI DSS Compliant at the time the policy is written, and attest to compliance on the insurance application.

Cyber Liability is a generic term for an insurance policy and possible coverages include identity theft from computer network data and paper files.

CRITICAL RED FLAGS:

  • Merchant doesn’t know what PCI compliance means (Payment Card Industry Data Security Standards)
  • Merchant cannot provide a copy of a written policy for actively monitoring PCI compliance, and a record of doing so.
  • Merchant statements contain “non-PCI Compliance validation fee”.

What if the PCI Compliance status changes during the term of the policy? This is a grey area and likely many factors will influence a decision to pay out, including how egregious the issue was that caused the breach as well as the business efforts to maintain compliance.

If a business qualifies for a discount because they have a building alarm, but then posts the alarm code next to the door for everyone to see, would the carrier be happy paying a theft claim? If a business was PCI compliant but then started accepting credit card sales via fax and stored all the forms in a file folder on someone’s desk where other employees or cleaning personnel have access, do you think the insurance carrier might have an issue with this? What if the business made every effort to meet PCI compliance, but a key senior employee goes rogue?

Businesses can mitigate the risk of losses by data breach by outsourcing the responsibility, using third party payment processing technology, and by purchasing Cyber Liability Insurance.

Thanks to Steven Breitbart, of Cypress Insurance Fort Lauderdale, for contributing to this article.

3D Merchant Services Powered by CenPOS
2633 NE 26th Ave, Metro South Florida, FL 33064 USA
 • 954-942-0483

Invoice Factoring Alternatives

Although leveraging Accounts Receivable Management to increase capital for cash flow can be very effective, merchants can often reduce invoice factoring needs by improving accounts receivable collections. The two most common collection invoice delivery methods are paper mailed invoices and email invoices or e-invoices. Adding an online pay page or using Electronic Bill Presentment & Payment (EBPP) can dramatically improve cash flow.

The Case For Online Payments

At a minimum, a hosted pay page enables customers to pay 24/7, while also reducing the Payment Card Industry Data Security Standards, or PCI DSS, compliance burden. If most of your customers pay by check, and protecting margins with check payment is preferred, simply email the link to delinquent accounts. This is a proven method to boost cash flow. Example: a law firm added a pay page and collected a single $11,000+ payment the same day a client was given the online credit card payment option.

The Case For Electronic Bill Presentment & Payment (EBPP)

With EBPP, invoices are delivered via email, SMS (text message) or fax. The primary difference between an e-invoice and EBPP is the link to pay the invoice delivered online. Electronic invoice delivery is easy for any business to business company to gain customer acceptance for, if for no other reason than environmental impact. From a business perspective, it’s clear float is reduced with e-billing vs postal from 2-10 days to immediate. Some might argue customers will always pay on the last due date, and that’s true, some will; however, this is also true:

  • It’s proven some invoices will get paid immediately. Benefit: 30 days vs same day.
  • Some customers will pay on time. Benefit: reduces late payments.
  • Some slow payers will pay quicker to stop automatic reminders to pay. Benefit: paper, printing, and postage fees; staff time

The Case For CenPOS Online Payments & EBPP

CenPOS is a universal payment processing solution that works with your existing finance partners to streamline the payment experience for customers and merchants. In short, here’s why CenPOS is better than other similar solutions:

  • Cost: more value for a lower cost, no long term contracts or heavy upfront costs
  • Simplicity: Go live almost instantly.
  • Efficiency: The platform is built with many, many time saving features for both merchants and customers. For example, the ability to securely store credit card and checking account information by either party saves tons of time on future payments.
  • Innovation: CenPOS is flexible, and continually innovating. With one hub for transactions, reporting, administration, and reconciliation, there are no comparable competitors with the depth of solutions nor merchant value added benefits. For example, CenPOS EBPP has tools to automate steering to lower cost methods of payment, and all payment sources utilize an intelligent system that can reduce credit card processing fees with any compatible merchant account.

If the dynamics of when invoices are paid changed, how would it impact factoring needs? Try any of our payment accelerator solutions for an extended free trial with the mention of this blog article. Merchants and factoring companies contact Christine Speedy, CenPOS Global Sales/Channel Sales (954) 942-0483.

 

Electronic bill presentment and payment improves PCI Compliance

Electronic bill presentment and payment, or EBPP, improves PCI Compliance by removing employees from having access to credit card information. Instead of credit card numbers on fax forms or employees accepting payment information over the phone, simply send an e-invoice which the customer can click to pay.

The image below shows the landing page after a customer clicks the text message or email link to pay.

[Image: electronic bill presentment and payment]

Better than electronic invoicing, our solution enables customers to make payments right from the email. Why is this important? By delivering the invoice and the ability to pay without logging in, you’ll dramatically reduce time from invoice to payment collection.

EBPP sales sheet (PDF)

Our EBPP is fast, easy to use, and requires no capital investment to implement. For sales call Christine at 954-942-0483 or click here for more information.

Video Training: How to replace credit card authorization forms

In this training video, I show how to securely store credit card data so that no one can ever see it again. It’s virtually impossible to prove Payment Card Industry Data Security Standards (PCI DSS) Compliance if storing credit card authorization forms with full card data. This solution can significantly boost PCI Compliance and reduce losses due to disputes and resulting chargebacks.


The positive card verification checkbox is used to submit a zero dollar authorization transaction. This validates all rules in the merchant administration and on a user basis. For example, if rules require an address, zip code, and CVV security code verification, the items will be validated with the card issuer. The receipt is the merchant record of proof that the card issuer passed the verification.

Optionally send the repeat sale credit card charge form to your customer. Have the customer sign and send it back. This replaces credit card authorization forms that have full card data.

TIP: Include a cancellation and refund policy on all invoices, as required for all card not present transactions per card acceptance guidelines.

CenPOS works with your existing processor, and is fast, easy, and requires no capital investment to implement. Call Christine Speedy in sales 954-942-0483 or click here for more information.

Online Form Creator With Secure Online Payments

To convert a paper sales order form, with credit card authorization, from paper to electronic, including securely collecting an online payment, there are multiple options. This article addresses the business to business need for a quick solution to become PCI Compliant. PCI is short for PCI DSS or Payment Card Industry Data Security Standards, the mandatory standards for all merchants accepting credit cards.

[Image: virtual terminal and web payment page for law firm]

Image shows example of a custom secure payment page on a law firm web site. Fully configurable for your specific needs.

How critical is the security of the data being collected? What will be done with the information after? The simplest solution is to create a quick script that collects the data and sends it to an email address. After the form is submitted, the return URL (the page that appears after the form data is submitted) contains a link to a secure pay page hosted by a third party. I like having a link on the return URL instead of immediately redirecting because it provides an opportunity to assure the payer the link is to a trusted web page. Because the form data is not in a spreadsheet that can be imported into a database, or collected automatically in a database, some manual work will be needed after. However, don’t get hung up on this! If the current process is faxing credit card authorization forms back and forth, the entire process is already manual. At a minimum, staff will save time key entering credit card data, plus this process is more secure for business owners and their customers. Additionally, the back office for the pay page will have an export feature making it possible to import transaction information into accounting programs.

All of the above can be done with no HTML programming experience. There are plenty of free and low cost options to create custom forms. I’ve personally used Wufoo, JotForm, Logiforms, SugarCRM forms, and custom made forms over the years. Here’s a link to form reviews. It’s a bit dated; however, the table may help to identify what’s important to look for when choosing a form builder.

With a little bit of HTML work, elements of the information filled into the order form can be transferred automatically to the matching payment fields. For budgeting outsourced help, plan on an hour for the programmer to review what to do, what URLs to link to, and the API. Budget another hour to implement and test.

In summary, payments can be securely accepted online with an update to your web site navigation, and a single line of HTML linked to a secure hosted pay page. This process is more secure than credit card information exposed on paper, and provides an easily retrievable record in the event of a dispute, which can occur up to 120 days later. To convert a sales order form to electronic, an online form builder is a low cost option that saves both merchants and customers time.

Disclaimer: The information above does not replace a merchant’s obligation to follow all rules associated with their merchant account, card acceptance guidelines and payment card industry data security standards. Many additional options

For more information about this and other solutions to streamline payment acceptance for your business to business company with card not present customer transactions, contact us.