Page 34 - GS170502
Education
The MAC conference: Evolving risks and insurance solutions

By Kevin Mendizabal
Frates Insurance and Risk Management

The Merchant Acquirers' Committee held its annual show March 21 to 23, 2017, in Las Vegas. Among the many topics discussed were risk, underwriting, hacking and breaches, regulatory actions, and compliance. A number of speeches focused on continuing and evolving cyber-threats and the scope of cyber-liability for businesses operating within the payments industry. Discussions made it clear that payment companies are learning the hard way that data breaches encompass far more than credit card data.

Hacking and data breaches

Companies such as acquiring banks, payment facilitators, gateways, ISOs and customer relationship management (CRM) specialists manage their clients' data. If they are compromised, all parties involved could suffer substantial losses, experts at the conference noted. Because of this, indemnification provisions are typically included in contracts between two organizations, such as between a CRM and an ISO or between an acquiring bank and an ISO.

However, the potential inability to provide this indemnification could render such clauses as worthless as the paper they are written on. If an ISO contracts with a CRM, gateway or any other provider, what assurances does the ISO have that the provider is financially capable of indemnifying not only that ISO, but also all other affected ISOs utilizing that provider?

In addition to contractual indemnification, best practice requires evidence of insurance that backs this indemnification, naming the indemnified party as an additional insured. If a provider is unwilling to do this, it would be prudent to find another provider. Accepting what is equivalent to a parking garage liability disclaimer is not by any means sound risk management.

Ransomware

Speakers also pointed out that ransomware has been increasing exponentially, causing companies to face losses in the hundreds of thousands and even millions of dollars. Ransomware gives hackers the opportunity to extort an organization by holding its systems hostage. Ransom demands are always paid in bitcoin in exchange for passwords to restore the compromised databases.

However, one has to ask if criminal hackers will in fact keep their end of the bargain. These bad actors have a great reputation for customer service, which is evident by the price of bitcoin. Simple supply and demand illustrates just how in demand bitcoin is. Bitcoin is primarily linked to the rampant use of the digital currency to pay said ransoms.

If that isn't scary enough, one of the presenters at the conference demonstrated how easy it is to bypass every anti-virus and malware program designed to prevent such attacks. Fortunately, ransomware payments can be covered by cyber insurance, provided the policy is properly written. This is one of the most important and complex policies a company will maintain, and not all policies are created equal, so it is critical to understand