By Bob Goldberg, RSPA Attorney, Schoenberg, Finkel, Newman & Rosenberg, LLC.
Payment card industry liabilities can be significant and present potential losses for both merchants and resellers. Having been involved with numerous “alleged” breaches I have seen firsthand the anguish and costs to both merchants and resellers. It is these two participants in the payment processing chain that have the least protection under the required agreements among card issuers, banks, payment processors, equipment suppliers, resellers and merchants. It thus seemed logical that if a merchant could insure against such liabilities, the reseller would not face claims from its customers. In response, there are several “insurance” policies available for merchants to address potential liabilities from PCI claims. In fact resellers can offer these policies to merchants and in several instances receive compensation for its efforts. Problem solved? Not at all.
Insurance policies sold to merchants contain a “right of subrogation.” We have seen this term in numerous agreements, but do we really understand the meaning and potential impact? Subrogation in its simplest terms is defined as the “Substitution of one claim for another.” In our situation, a merchant who was breached would have a claim for its loss under the insurance policy sold to cover that risk. After a reduction of the amount of the deductible and other exclusions, the claim would be paid if it meets the terms of the policy. At this point the insurance company has suffered a loss as well and the right of subrogation comes into play.
To read more, download Bob's full column at the link below.