Payment Card Industry Fines and Assessments Insuring Agreement — an insuring agreement found within cyber and privacy insurance policy forms,
which covers (1) fines and penalties assessed against the insured for failing
to comply with Payment Card Industry Data Security Standards and (2) defense
costs incurred if the insured challenges the imposition of such penalties
because the insured believes that it complied with requisite security
standards. Payment Card Industry Data Security Standards are a set of
proprietary information security standards that have been promulgated for
businesses that accept payment from the leading credit card issuers, including
Visa, MasterCard, American Express, and Discover. Coverage under this insuring
agreement would apply under the following circumstances. A retailer reports
that the personally identifiable information (PII) belonging to its customers,
including credit and debit card information, was stolen by a hacker. An
investigation reveals that the breach occurred because the retailer's
computer system did not comply with Payment Card Industry Data Security
Standards. In the event the retailer was fined $100,000 for failure to comply
with applicable standards, this insuring agreement would cover the fines.
Furthermore, if the retailer incurred costs to dispute the imposition of the
$100,000 fine (because it felt that it did, in fact, comply with standards),
this insuring agreement would cover those required defense costs.