5 Reasons Why You Need CNA NetProtect® for McDonalds

1. The credit and debit card information that you collect has black market value and is an attractive target for criminals. That makes you a target for an attack.

Thieves are stealing information more often and on a larger scale than ever before. In fact, credit cards are an estimated 59 percent of stolen personal data sold in the black market.[1]

Data breaches occurred eight times more often in 2009 than in 2005. And they are getting bigger too: the average amount of stolen data is more than five times the amount in breaches from just four years ago.[2]

2. Your McDonalds network security can’t protect your debit and credit card information. Plus, if one of your vendors has a breach, you could be held liable.

Card data is often stolen through skimming, a technique where restaurant employees use inexpensive handheld card readers to secretly capture customer card data. Fast food restaurants, including McDonalds stores, are frequent victims of skimming attacks.[3][4]

Additionally, vendors are responsible for 30 to 40 percent of all breaches.[5] Your security doesn’t protect their networks. You may be liable if your bank or payment processing vendor has a breach.

3. You have obligations under new privacy laws.

If you have a breach, the law in 47 U.S. jurisdictions[6] now requires you to notify affected consumers at your own expense. Additionally, some states have laws that require you to protect information in specific ways.[7] Failing to comply could result in regulatory action, fines and penalties.

Privacy law is constantly changing. If you have a breach or face a regulatory action, you’ll want access to law firms who specialize in privacy. CNA NetProtect® provides access to specialist firms.

4. You have liability and can be sued or face governmental regulatory enforcement actions.

If your store has a data breach, you could be held liable by a number of parties. Banks can sue you to recover their cost to re-issue stolen cards. Your employees can sue if their data, including their social security numbers, bank account information or health information, are compromised.

Plus, federal and state governments can bring regulatory action against you for allegedly failing to comply with privacy law.

Defense is expensive, even if you did nothing wrong.

5. Compared with premiums, the cost of a breach could be high.

CNA NetProtect® for McDonalds owner-operators provides coverage for as little as $1,112 a store.

By comparison:

The cost to comply with breach notification laws is typically between $5[i] and $15[ii] per card. Just one month of undetected skimming at a typical McDonalds store could cost you between $11,000 and $33,000.[iii]

If a bank sues for card reissuance costs at a typical $12 to $22 per card[iv], it could cost you roughly $52,000 to $190,000[v] for each store involved.

And your legal expenses in defending those complaints or regulatory actions could be even higher.

[1] Privacy Rights Clearinghouse. June 2007. Privacy Rights Clearinghouse. Accessed July 26, 2007, www.privacyrights.org/ar/idtheftsurveys.htm. Open Security Foundation Dataloss db 1-1-05 through 11-23-09. Accessed Nov 23, 2009, http://datalossdb.org/
[2] http://www.encryptionreports.com/download/Ponemon_COB_2009_US.pdf
[3] http://www.wired.com/threatlevel/2009/10/florida_skimming/#ixzz0kF0y2k8R
[4] http://www.washingtonpost.com/wp-dyn/content/article/2009/06/08/AR2009060804002.html
[5] 2007 Annual Study: US Cost of Data Breach, Understanding Financial Impact, Customer Turnover, and Preventative Solutions. A study summarizing the actual costs incurred by 35 US organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals. Benchmark research conducted by Ponemon Institute, LLC, November 2007.
[6] State Data Security/Breach Notification Laws (as of December 2009), Commercial Law League of America, accessed 1/21/2010, http://www.clla.org/documents/breach.xls
[7] MA: 201 CMR 17.01 et. seq; Mass general Laws Ch 93 H, NV: NRS 597.970, 15. . V.T.C.A., Bus. & C. §324.101
[i] Low estimate reflects $5 cost based on CNA negotiated rates for breach response vendor services as of 8 April 2010 and assumed consumer uptake rates on call center calls and credit monitoring services.
[ii] High estimate reflects $15 per card. Source: “Ponemon Study Shows Data Breach Costs Continue to Rise”. Retrieved July 7, 2008, from http://www.ponemon.org/press/PR_Ponemon_2007-COB_071126_F.p)
[iii] Based on: McDonalds data supplied on 11/2/2009 showing an average of 80,000 card transactions per year per store, and assumed average of 3 visits per store per month per cardholder. Resulting 1 month of card skimming would compromise 4400 cards. Low estimate based on 4400 cards at $5 per card per note # 3 above. High estimate based on 4400 cards at $15 per card per note 4 above.
[iv] http://www.digitaltransactions.net/newsstory.cfm?newsid=1274, accessed 4/7/10
[v] Low estimate based on 4400 cards skimmed at $12 per card. High estimate based on 8800 cards compromised by vendor at $22 per card.

For more information about products that can help protect you for privacy and information risk,
contact your agent at Lovitt & Touché at 800-635-4880.
One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. It is not intended to constitute a binding contract.
The information, examples and suggestions presented in this material have been developed from sources believed to be reliable, but they should not be construed as legal or other professional advice. CNA accepts no
responsibility for the accuracy or completeness of this material and recommends the consultation with competent legal counsel and/or other professional advisors before applying this material in any particular factual
situations. Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All products and services may not be available in all states
and may be subject to change without notice. Any references to non-CNA Web sites are provided solely for convenience and CNA disclaims any responsibility with respect thereto. CNA is a registered trademark of CNA
Financial Corporation. Copyright © 2010 CNA. All rights reserved.
LT SS TECH 080510