PCI Compliance



Frequently Asked Questions:

Q: How do I qualify for the data theft indemnification?

A: The indemnification will be available to a merchant that is participating in Meridian’s Platinum Security Protection Program and that successfully completes the Self-Assessment Questionnaire and scans, if applicable, and receives a certificate of validation, as long as there is no change in the merchant’s business practices regarding card acceptance.



Q: Why do I need this Indemnification?

A: If you suffer a data theft, you could incur thousands of dollars of unexpected costs in the form of audit expenses, card monitoring and replacement expenses, and fines. These costs could significantly affect your income and even jeopardize the existence of your business.



Q: What is the Indemnification amount?

A: The indemnification amount is limited to $50,000 for each indemnified MID. If you have multiple MIDs that have the same federal tax identification number (or, in the case of a sole proprietorship, the same social security number), then the maximum aggregate indemnification is limited to $100,000.



Q: What does the Indemnification cover?

A: The data theft indemnification from NPC indemnifies you against your liabilities to Meridian under your merchant agreement with NPC for the following claims arising from a card data theft that occurs after your receipt of the certificate of validation: (1) fines resulting from a required audit conducted by an approved security assessor, (2) costs associated with mandatory audits, and (3) costs associated with credit card replacement for compromised card numbers.



Q: Must I be PCI DSS compliant in order to get this Indemnification?

A: Yes. Compliance is required by the Card Brands and is required to receive the indemnification. To validate your compliance, you must successfully complete your Self-Assessment Questionnaire (SAQ) and the scans, if applicable, and successfully receive a certificate of validation.



Q: How long am I eligible for the Indemnification?

A: As long as you remain qualified and Meridian has not notified you of a change in Meridian’s Platinum Security Protection Program*, your eligibility for the indemnification shall be for one year from the date of your enrollment in the Meridian Platinum Security Protection Program and will continue on an annual basis thereafter. However, if you experience a card data theft after your receipt of the certificate of validation but while you are participating in Meridian’s Platinum Security Protection Program, Meridian will indemnify you for your eligible costs arising from that card data theft, up to the limit of indemnification, but you will not be eligible for indemnification from NPC on any subsequent card data theft.



Q: I am already PCI DSS compliant. Why do I still need this Indemnification?

A: Certification of PCI DSS compliance is not a guarantee that a theft will not occur. The indemnification covers employee theft and the physical theft of data. PCI DSS compliance alone cannot prevent cardholder data thefts.



Q: What is the process of reporting a possible card data theft?

A: You should immediately contact Meridian or NPC at PCIcompliance@npc.net. Provide your name, MID, contact information and a brief summary of the incident in this communication, but do not include cardholder numbers or other sensitive information.



Q: If I incur costs that I have been indemnified for, how do I receive the benefit of the indemnification?

A: You simply have to contact Meridian or NPC at www.npc.net and follow the instructions.
© 2012 Independent Sales Agent for National Processing Company. dba Meridian Payment Systems, registered ISO/MSP of First National Bank of Omaha.