If a merchant account suffers a suspected or actual data breach, the business responsible for the merchant account could incur thousands upon thousands of dollars of unexpected costs in the form of audit expenses, card monitoring and replacement expenses, and fines. These costs could significantly affect revenue…and even jeopardize the existence of a business. The EMS Data Protection Plan reduces a protected merchant account's monetary exposure when a presumed or actual data compromise occurs, thus providing peace of mind!
The maximum protection is $100,000 per incident, for each merchant account.
There is NO deductible!
Absolutely, they are! Nearly two thirds of all breaches occur at Level 4 merchant accounts. In fact, Eduardo Perez, VISA USA's Vice President of Payment Systems and Risk, stated at the 2007 Electronic Transactions Association trade show in Las Vegas, "Hackers are concentrating on the smaller merchants… that's where we see the greatest vulnerability."
Yes! While it is true that merchant accounts that store magnetic stripe data are the most vulnerable, there are a number of other risks. For example, missing or outdated security patches, using vendor supplied default settings and passwords, SQL injections by hackers, unnecessary and vulnerable services on your servers, stolen receipts, stolen computers, employee theft, and skimming can all lead to significant data compromises and subject the merchant account to audits, card replacement costs, and fines.
Yes! Certification of PCI DSS compliance is not a guarantee that a breach will not occur. The analogy that best describes the situation is this: "You can have the best alarm system in the world, but it is useless if you don't turn it on." Also, the Program covers employee theft and the physical theft of data. PCI DSS compliance alone cannot prevent these losses.
Contact the EMS Client Services Hotline at 800-615-1330
Quickly! Once the relevant documentation is provided, the requests for payments will be processed. Assuming that the documentation is in order, the request should be processed within thirty days.