Security & PCI Compliance2019-08-07T12:24:24-04:00
Security and Compliance experts

We Are the Security
and Compliance Experts

we help you stay secure

Equipment or Ecommerce
We Help You Stay Secure

breach insurance

Available Breach Insurance
for Peace of Mind

A breach can cause irreparable harm to a business’s reputation and customer relationships.

  • Financial burdens such as fines, fees, chargebacks, and investigation costs.

  • Becoming compliant with the Payment Card Industry Data Security Standards (often shortened to “PCI DSS” or just “PCI”) will help lower your risk of a breach.

  • Compliance with this set of data security requirements established and governed by Visa®, MasterCard®, American Express®, and Discover® to protect cardholder account information is a requirement of all merchants processing credit or debit cards.

  • Newtek takes these requirements seriously and is requiring all of our merchants to validate their compliance with PCI-DSS.

Compliance helps build the right security to protect your customer data – preventing theft and fraud.


contact a newtek Payments Specialist now.

call us




we’ll call you


PCI Program through Trustwave

The Payment Card Industry Data Security Standard (often shortened to “PCI DSS” or just “PCI”), is a set of data security requirements established and governed by Visa®, MasterCard®, American Express®, and Discover® to protect cardholder account information.

  • PCI DSS includes best practices to identify vulnerabilities in processes, procedures, and web site configurations. These practices help businesses protect themselves against security breaches, safeguard customer data, and protect the integrity of electronic payments.

  • To help ensure that you are in compliance as mandated by the payment brands, we have created our compliance assistance program in conjunction with Trustwave to help protect you and customers from fraud and theft.

  • PCI compliance is required of all merchants accepting credit and debit cards. Newtek’s Compliance Assistance Program will provide you with access to a suite of PCI compliance tools, including the self-assessment questionnaire, sample security policies, security awareness training and website scanning, if required.

How to Become PCI Compliant

  • In order to get started click here. For instructions and help, download the getting started guide here.

  • Easy as 1-2-3; register, comply and revalidation

  • After registering at Trustwave for TrustKeeper, you will need to comply by completing the assigned SAQ and vulnerability scans, if applicable. Lastly, you will need to revalidate either annually (SAQ only) or quarterly (if scanning is required).

Newtek has partnered with Trustwave to help merchants become secure and PCI compliant.

Get Started

Program Overview

The Newtek Breach Protection Program is an indemnification program acquired to reduce monetary exposure in the event of a data compromise of a merchant account. The Breach Protection Program is designed specifically to meet the expenses resulting from a suspected or actual breach of credit card data from a merchant account. The program is offered through our partnership with Trustwave by RGS Limited, LLC. For additional information please visit


The Program Covers

  • A mandatory forensic audit required by the Payment Card Industry Data Security Standard (PCI DSS) of a merchant when a data breach is suspected.
  • The data breach can be either a system/network breach or the physical theft of the credit card data from stolen receipts, stolen computers, skimming, or even employee theft.
  • Card replacement costs and related expenses resulting from the data breach.
  • All Level 2, 3, and 4 merchants regardless of their level of compliance with the standard.

Frequently Asked Questions

payroll-security-icon-lgPCI Compliance 

Trustwave was NOT able to find my account on TrustKeeper, how do I enroll?2016-12-08T16:04:30-05:00

Please call Newtek’s Customer Support at 800-277-6980

Do I have to use Trustwave for compliance?2017-04-13T09:43:51-04:00

You are welcome to use any approved PCI vendor to complete your compliance. If you chose to use another vendor, you will be responsible for any costs. You are also responsible to upload your third party compliance to Newtek via our Trustwave portal. Please click here for instructions on how to upload your information.

I’m compliant through someone else, what do I do?2017-04-13T09:44:56-04:00

If you have already become compliant with an approved PCI vendor, Newtek will accept that compliance. When you log into your TrustKeeper account, you can identify yourself as “Already Compliant” on the home page. This will require you to choose which SAQ you have completed and attest to your compliance. You will then be required to upload your SAQ and scan reports were applicable. Please click here to review the third-party walk through document.

What are the consequences of not becoming compliant?2016-12-08T16:02:26-05:00

Aside from the $19.00 monthly charge, a data breach can severely impact a small business, with financial burdens, such as fines, fees, chargebacks, and investigation costs.

What if I don’t want to become compliant?2016-12-08T16:01:59-05:00

If you prefer to remain non-compliant your account will continue to be charged $19.00 per month. You can avoid this fee by becoming compliant today. Some of the advantages of becoming compliant are:
Protection from possible fines, fees, chargebacks and investigation costs.
Prevent theft and fraud
Identify network weaknesses
Detect sensitive data storage
Avoid harming your business’ reputation

As a Newtek merchant you can get started by going to and clicking get started. Please have your merchant number handy.

How do I become compliant?2016-12-08T16:01:23-05:00

Newtek has partnered with Trustwave a leading provider of PCI compliance and data security solutions for the payment industry. As a Newtek merchant you can get started by going to and clicking get started. Please have your merchant number handy.

What is the cost to become compliant?2018-03-06T10:42:29-05:00

The monthly compliance service fee covers access to a suite of PCI compliance tools at Trustwave. These tools include the self-assessment questionnaire, sample security policies, security awareness training and website scanning, if required. However, if you need to fix any security gaps found during the validation process, that cost would not be covered by the compliance service fee; this cost would be your responsibility.

What is PCI Compliance?2016-12-08T16:00:17-05:00

PCI Compliance is a set of standards developed by the Payment Card Industry to reduce credit card data theft and fraud. It applies to ALL merchants that accept or handle credit and debit cards.

Frequently Asked Questions

breach-umbrella-icon Breach Insurance

If a merchant account does suffer a loss, how quickly will the claim be processed?2016-12-08T16:09:22-05:00

Quickly! Once the relevant documentation is provided, the requests for payments will be processed. Assuming that the documentation is in order, the request should be processed within thirty days.

How is a data compromise reported for the Program?2016-12-08T16:08:58-05:00

To report a data compromise you simply have to call the RGS Claims Department at (888) 545-7133. You will be asked to provide the following items: (1) the notice from the card brand or acquiring bank that stipulates there has been (or there is the suspicion of) a data breach at your covered location; (2) a copy of the invoice provided by the certified PCI DSS auditor; and (3) a contact name and mailing address for the claim settlement to be sent.

If a merchant account is certified to be PCI DSS compliant, does it still need to be in the Program?2016-12-08T16:08:35-05:00

Yes! Certification of PCI DSS compliance is not a guarantee that a breach will not occur. The analogy that best describes the situation is this: “You can have the best alarm system in the world, but it is useless if you don’t turn it on.” Also, the Program covers employee theft and the physical theft of data. PCI DSS compliance alone cannot prevent these losses.

If the transaction processing system used with a merchant account does not store magnetic stripe data, can it still have a data compromise?2016-12-08T16:08:13-05:00

Yes! While it is true that merchant accounts that store magnetic stripe data are the most vulnerable, there are a number of other risks. For example, missing or outdated security patches, using vendor supplied default settings and passwords, SQL injections by hackers, unnecessary and vulnerable services on your servers, stolen receipts, stolen computers, employee theft, and skimming can all lead to significant data compromises and subject the merchant account to audits, card replacement costs, and fines.

Level 4 merchant accounts aren’t breached often are they?2016-12-08T16:07:50-05:00

Absolutely, 90 percent of card data breaches occur at small businesses with less than 1 million transactions a year.

Must a merchant account be PCI DSS compliant in order to be protected under the Program?2016-12-08T16:07:25-05:00

No. However, if a merchant account experiences a breach, the merchant account must become compliant before that merchant account can participate in (or re-enter) the Program.

Can any merchant account qualify for this program?2016-12-08T16:07:06-05:00

Any Level 2, 3, or 4 merchant account is eligible, provided it has not already suffered a data compromise. Level 1 merchant accounts are not eligible for this protection.

If a merchant agreement has multiple merchant accounts, is each account protected for $100,000?2016-12-08T16:06:39-05:00

The Newtek Breach Protection Program provides protection on a per-merchant account basis but an incident and annual limit of $500,000 does apply to a merchant agreement with ten or more protected merchant accounts.

Is there any deductible?2016-12-08T16:06:16-05:00

There is NO deductible!

What is the protection limit?2016-12-08T16:05:56-05:00

The maximum protection is $100,000 per incident, for each merchant account.

What insurance company underwrites this program?2016-12-08T16:05:34-05:00

AIG Specialty Insurance Company has collaborated with RGS to create this program. AIG is a well-established, financially strong insurance group whose insurance companies hold “A” ratings from independent third party rating agencies.

Why do merchant accounts need this coverage?2016-12-08T16:05:12-05:00

If a merchant account suffers a suspected or actual data breach, the business responsible for the merchant account could incur thousands upon thousands of dollars of unexpected costs in the form of audit expenses, card monitoring and replacement expenses, and fines. These costs could significantly affect revenue…and even jeopardize the existence of a business. The Newtek Breach Protection Program reduces a protected merchant account’s monetary exposure when a presumed or actual data compromise occurs, thus providing peace of mind!

Newtek Merchant Solutions is a registered ISO for Westamerica Bank, Santa Rosa, CA.
Newtek Merchant Solutions is a registered ISO/MSP of Merrick Bank, South Jordan, UT
Newtek Merchant Solutions is an Elavon Payments Partner & Registered MSP/ISO of Elavon, Inc. Georgia (a wholly owned subsidiary of U.S. Bancorp, Minneapolis, MN)

chat-iconLIVE CHAT