Payment Card Industry Data Security Standards (PCI DSS) —
A set of proprietary information security protocols that businesses are
obligated to follow, and that merchants must agree to, if they accept payment
by the leading credit cards, including Visa, MasterCard, American Express, and
Discover. When a data breach occurs involving a merchant that has agreed to
comply with PCI DSS, the merchant is subject to various fines and
penalties.
Coverage for these fines and penalties is available within some cyber and
privacy insurance policies, more specifically under the insuring agreement
known as PCI Fines and Assessments coverage. This insuring agreement also
covers defense costs that an insured incurs if it seeks to contest the
imposition of such fines and penalties.