MADISON, Wis. (3/21/08)--With the massive data breaches experienced in the U.S. the past year, service providers offering data breach insurance are making the rounds. But is data breach insurance right for a credit union? "Data breach insurance is more directed to the merchant" than the financial institution issuing the credit or debit card, said Chuck Cashman, director of product management with the Credit Union Protection division at CUNA Mutual Group. A merchant who is not Payment Card Industry (PCI)-compliant has a stronger case for getting that kind of insurance policy to cover fines and litigation. But if a merchant isn't PCI-compliant and has a data breach, the insurer can require the merchant to become PCI-compliant before reinsuring the merchant, Cashman told News Now. Data breach insurance would help a merchant who is PCI-complaint but still a victim of a breach--such as in the Hannaford Bros. breach that was announced this week, said Cashman. "Hannaford was PCI-compliant," he said. In that case, the insurance "might help stave off potential costs of the breach." Credit unions are covered against data breaches under CUNA Mutual's plastic cards policies, Cashman said. The policies differ according to what each credit union needs. "They are not a cookie-cutter service. A credit union can insure for losses in a range from the ground up to catastrophic losses," he said. When members' accounts are compromised in a data breach, there are hard costs and soft costs, he said. "There's the hard money of reissuing the plastic," he said. For example, at $15 per card, which is in the lower range of estimates for replacing cards, a credit union replacing 5,000 cards would spend a minimum of $75,000. "There's also the soft dollars related to making phone calls and reaching out to members," Cashman added. "Credit unions typically don't have the back-office infrastructure to do all that." Credit unions approached about breach insurance should contact their current provider, who can help them through the process so the credit union is making an apples-to-apples comparison of policy provisions. Because each policy has unique provisions to fit the individual credit union's need, it often takes a rigorous review to understand each provision in the policy, Cashman said.