New Payment Technologies Should Reduce Demand for Cyber Insurance
Time 2 Minute Read
Categories: Cyber Insurance, Cybersecurity

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports:

As the demand for cyber insurance has skyrocketed, so too has the cost. One broker estimates that sales in 2014 will double from the $1 billion premium collected in 2013. Much of the increase in demand and cost has been the result of the widely publicized hacks of the point-of-sale systems at large retailers, and the primary emphasis of most cyber policies is to address liability arising from such events. New payment technologies, however, will change the need for this type of cyber insurance. American Express recently announced a token service; Apple incorporated ApplePay into its new iPhones; and a group of retailers, the Merchant Customer Exchange, is working on the release of a new payment technology as well. These technologies, although different in detail, eliminate the need for merchants to collect unencrypted payment card information from customers, significantly reducing the risk created by point-of-sale malware.

These technologies work by generating tokens or cryptograms for use at the point of sale. Financial institutions are able to determine whether the tokens or cryptograms are associated with a customer’s account, even though it is virtually impossible for a third party possessing the token or cryptogram alone to identify the account. The exact specifics of the technologies vary, but the end result is that the merchant does not need access to the customer’s unencrypted account information and any data obtained through the point-of-sale malware becomes virtually worthless.

As these payment technologies become prevalent in the U.S., the need for cyber insurance protecting retailers against point-of-sale malware should sharply drop. There still will be a need for coverages protecting against other cyber risks, including other forms of malware and security breaches as well as against business interruptions arising from cyber events. However, the need and demand for cyber insurance covering privacy breaches should be reduced and the pressure on much of the current cyber insurance market removed.

Tags: Payment Card
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
CFPB Seeks Public Comment on Digital Payment Privacy and Consumer Protections

Earlier this month, the U.S. Consumer Financial Protection Bureau invited public comment on strengthening privacy protections for, and a proposed interpretive rule extending financial consumer protections to, emerging payment mechanisms.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million

On July 26, 2022, the attorneys general of New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Florida and Washington D.C. announced an $8 million multistate settlement with Wawa Inc. that resolves the states’ investigation into a 2019 data breach that compromised approximately 34 million payment cards used by consumers at Wawa stores and fueling locations. 

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Hunton Publishes 2020 Retail Industry Year in Review

This is an extraordinary and unprecedented time for the retail industry. Hunton Andrews Kurth’s 2020 Retail Industry Year in Review provides an in-depth analysis of the issues and challenges that retailers faced in the past year, and a look ahead at what they can expect in 2021. The Year in Review includes several articles authored by our privacy and cybersecurity lawyers, including on topics such as the cashier-less technology revolution, the California Privacy Rights Act of 2020 and “buy now, pay later” plans.

Read the full publication.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Hilton Agrees to Settle Data Breach-Related Claims by NY and VT Attorneys General

On October 31, 2017, the New York and Vermont Attorneys General (“Attorneys General”) announced a settlement with Hilton Domestic Operating Company, Inc., formerly known as Hilton Worldwide, Inc. (“Hilton”), to settle allegations that the company lacked reasonable data security and waited too long to report a pair of 2015 data breaches, which exposed over 350,000 credit card numbers. The Attorneys General alleged that Hilton failed to maintain reasonable data security and waited more than nine months after the first incident to notify consumers of the breaches, in violation of the states' consumer protection and breach notification laws.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page