
Is a data breach warranty worth the investment?

A data breach warranty may seem like a tempting way to survive a costly attack, but it may not be all it's hyped up to be. Expert Mike Chapple examines.

A company recently came out with a payment card breach warranty that covers the company's end-to-end encrypted devices in the case of a failure; if it fails, the company will cover merchant compliance fines and assessments as well as costs for a related PCI audit for a year. Are there any real advantages of such a warranty, and how is this different from cybersecurity insurance?

While this data breach warranty certainly made a splash in the IT news media, I believe it is more hype than substance. In January 2015, Heartland Payment Systems announced its E3 End-to-End Encryption Warranty that promises to reimburse breach-related fines to merchants using the E3 point-to-point encryption devices.

You might remember Heartland Payment Systems as the victim of a high-profile security breach back in 2008 that affected the personal information of up to 100 million individuals. Heartland has lived in the shadow of that breach for the past seven years and this new warranty program is likely a public relations gambit designed to boost its image among security-conscious merchants.

The bottom line is that the breach warranty Heartland offers probably isn't going to pay out many claims because it requires using point-to-point encryption systems. Properly implemented, this technology encrypts credit card information from the time of the swipe until it reaches the payment processor. Sensitive information is never in the merchant's hands -- at least electronically -- minimizing the chances of a security breach.

There's also a catch surrounding this warranty. It's free for the first year, but then has a monthly fee of $8.33 per device. If you're using 100 devices, it will run you a cool $10,000 per year. If I were planning to invest $10,000 in a risk transference plan, I wouldn't purchase this warranty. I'd go after a full-fledged cybersecurity insurance program that provides broader data breach protection and is backed by a traditional insurance company. You'll get more comprehensive data breach protection with the reputation of a major insurer on the line.


This was last published in July 2015


Join the conversation

2 comments


This is still something new in the IT field. I would love to hear real-world cases where companies tried to file a warranty claim and what their results were. Sounds great if it works but I see too many variables to make me feel comfortable.

I'm a Heartland Relationship Manager; we're the local individuals that sell and support Heartland's services. The Heartland Secure breach warranty is Free. As long as you're using a certified Heartland encrypted terminal and processing on our network, you're covered by the breach warranty FREE of charge for as long as you're a customer of Heartland. Heartland was a victim of a very large data breach which our founder Bob Carr handled in a very honest and transparent manner which are the basis of our core principles. The creation of our Breach Warranty is not a PR stunt. It's a testament to the confidence we have in our security, and a promise to our customers. I will be glad to provide whatever proof you need to warrant editing your post.
