Do I Need Cyber Insurance if I Use a Third-Party Payment Company?

Third-party services such as PayPal and Stripe help standardise online payments and make your job a little easier. But do you need cyber insurance if you use them?

Yes. If you use a third-party payment company to process transactions online, you will need cyber insurance.

This is because taking online payments comes with a different set of associated risks than with non-digital forms of payment or by taking cards in person.

In this article, we’ll answer the following questions:

• Do I need cyber insurance if I use a third-party payment solution?
• Should my online payment service provide cyber insurance?
• How are my customers’ payment details protected?

If a company collects the data of its customers, e.g. credit card information, then it is the company’s responsibility to keep that data secure.

Do you use a third party payment processor?

A third party payment processor is a merchant services provider. Using a third party payment processor lets you provide more payment methods to your customers, e.g. credit and debit cards or mobile payments. They also help you receive payments without first setting up your own merchant account with a bank.

Third party payment processors come with all the advantages of outsourcing a complex and vital part of your business. The transactions are handled securely, you don’t need to hire professional developers, customer service is on hand, and your customers will already be familiar with using these services.

Examples of well-known third-party payment processors include Square, PayPal and Stripe. The most suitable service will depend on your business needs.

Third party payment processors usually charge a percentage or flat fee per transaction, instead of an annual plan. However even though your transactions may be handled by an outside company, this doesn’t mean you don’t need your own insurance.

Take out your own cyber insurance

Put simply, even if all your payments are handled by a third party service, your business will still hold information on your clients. This may include their passwords, their order history, addresses and more, for example.

Just because a third party payment provider allows you to send and receive money, doesn’t mean it’s solely responsible for collecting your customers’ data – and while cost-effective it’s not necessarily a safer option.

On November 21, 2019, Edenred, a payment solutions provider, reported that it was infected by malware. Operating across 46 countries, they managed 2.5 billion payment transactions in 2018. The number of people affected and the extent of the attack is still currently unknown.

And in 2020, the Marriott Hotels Group suffered an attack in which 5.2 million customers’ credit card details, emails and home addresses were obtained by hackers. It came after a catastrophic data breach which saw the records of approximately 339 million guests exposed, where hackers were found to have had unauthorized access to the hotel’s network since 2014.

These businesses could not have survived without cyber insurance. No matter if you use a third party payment processor or not, your business – and your clients’ and employees’ information – is at risk if you don’t have cover.

Costs of a data breach

Cyber insurance cover includes the clean up of the breach, notification to the affected clients, any resulting regulatory fines and third party liability awards.

As soon as possible after you realise your business has been compromised, you must inform the regulatory authorities. Failing to do so will result in a hefty fine, as you will be falling foul of GDPR regulations.

Your cyber insurance will also help to cover any loss of business while you get things back up and running. It can also help cover the costs of hiring security experts to upgrade your systems so an attack doesn’t happen in the future.

Confused about cyber insurance? Give us a call today, and our cyber liability insurance experts will be on hand to walk you through all the cover options when it comes to protecting your business.