Data Breach Financial Protection

What is the Data Breach Financial Protection Program?

The Data Breach Financial Protection Program (the “Program”) is a comprehensive expense reimbursement program, provided with some Netsurion Service offerings, intended to reimburse you for certain contractual expenses that may arise under the Payment Card Industry Data Security Standard (PCI-DSS) in the event of a data breach of credit card data at a Netsurion customer location. The Program is offered by Netsurion and administered exclusively by RGS Limited, LLC (www.royalgroupservices.com) and is backed by a policy of insurance provided by an insurance carrier that is financially strong and rated "A" by independent third-party rating agencies.

What kinds of breach events are included in the Program?

Included events are breaches of a system/network or the physical theft of credit card data, whether through stolen receipts, stolen computers, skimming, or even employee theft.

What PCI-DSS contractual expenses are reimbursed by the Program?

  • Mandatory forensic audit expenses.
  • Card replacement costs and related expenses.
  • Fees, fines and penalties levied against a merchant by a card association.
  • Hardware and software upgrades mandated in lieu of a fine.

For expenses to be paid under the Program, those expenses must be assessed by the card association against the merchant under its merchant agreement as a result of an incident. A qualifying "card association" would be any entity formed to administer and promote cards such as: MasterCard International, VISA U.S.A or VISA International, Discover Financial Services, American Express, JCB International Credit Card Company, or any of the following Debit Provider Networks: Exchange/Accel, Interlink, Maestro, NYCE, Plus, PrestoLink, Shazam and STAR.

For hardware and software upgrade expenses to be included in the Program, the upgrades must have been ordered by a card association to prevent a PCI Assessment from being issued as the result of an incident.

Reimbursement Maximums?

  • Up to $100,000 per MID per incident per plan period*
  • Up to $500,000 per Merchant per incident per plan period*
  • Up to $15,000 per MID per incident for mandated Hardware and Software upgrades per plan period*
* The Program plan period runs from April 1st through March 31st each year

Which Netsurion Customers Can Be Included In the Program?

All Level 2, 3 and 4 merchants who supply a valid MID number to Netsurion are included subject to the limitations below. A merchant does not have to be PCI DSS compliant in order to be included in the Program.

When will the Program start for my locations?

The Program goes into effect between one (1) and three (3) days following receipt of a valid merchant ID number by Netsurion.

Is the Program a cyber-insurance policy?

The Program is backed by an insurance policy in which Netsurion is the named insured. Participating MIDs receive the benefits provided by the program, but are not named to the policy nor insured by the policy.

How is a reimbursement request reported for the Program?

To report an incident, call the RGS Customer Service Department at (888) 545-7133. You will be asked to provide the following items:

  • The notice from the card brand or acquiring bank that specifies that there has been or there is the suspicion of a data breach for a participating MID
  • A copy of the invoice provided by the PCI-DSS auditor
  • A copy of the merchant agreement
  • Contact name, email address and mailing address for reimbursement to be sent

How quickly will a reimbursement request be processed?

Once the relevant documentation is provided and complete, the request should be processed within thirty days.

The information provided in this FAQ is for general information purposes only. For the complete terms and conditions of the Program, please refer to www.netsurion.com/DBFP/terms.