MY SECURE ADVANTAGE™

TERMS AND CONDITIONS

Last Updated on 8/1/2020

  1. My Secure Advantage™ Program
    1. Definitions
      1. Plan: Plan shall mean a combination of My Secure Advantage™ Benefits available to a Covered Member.
      2. Named Member: Named Member shall mean the individual who is enrolled in the Plan.
      3. Covered Member: Covered Member shall mean others who are covered by a Named Member’s Plan.
      4. Self-Paying Member: A Self-Paying Member has voluntary chosen to enroll in a Plan under a self-pay arrangement with the Plan Administrator.
      5. Membership Fee: A Membership Fee is the payment made to the Plan Administrator by a Self-Paying Member or by a Plan Sponsor on behalf of a Member for access to Benefits under a My Secure Advantage™ Plan.
      6. Member: Named Member and Covered Member, collectively.
      7. Plan Sponsor: Plan Sponsor shall mean an organization, such as an employer, who has entered into a separate agreement with the Plan Administrator to provide certain Members with access to a Plan.
      8. Plan Sponsor Agreement: Plan Sponsor Agreement is the agreement between a Plan Sponsor and the Plan Administrator that describes the Benefits provided to Members thru the Plan purchased by the Plan Sponsor.
      9. Plan Administrator: Plan Administrator shall mean My Secure Advantage, Inc., which is located at 3001 Lava Ridge Court, Suite 250, Roseville, CA 95661.
      10. Money Coach: Money Coach shall mean certain professional individuals who are employees of the Plan Administrator and who collectively provide the financial services described in these Terms and Conditions.
      11. Benefits: Benefits shall mean the features of the My Secure Advantage™ Program. Examples of Benefits as described in these Terms and Conditions are: Financial Coaching, ID Theft Monitoring/Fraud Resolution, MY SECURE ADVANTAGE™ Website, and Legal/ Mediation referrals.
      12. Third Party Provider: Third Party Provider shall mean all Attorneys, Accountants, Mediators, and certain other professional individuals who have agreed to offer their services to Members for a discounted fee. Members may choose to access Third Party Provider services at the Member’s discretion and under a separate agreement between Third Party Provider and the Member.
    2. Descriptions/Exclusions/Conditions
      1. Plan Benefits
        1. There may be several Self-Paying Member Plans and each Self-Paying Member will receive a description of the Benefits available through their Plan at the time of enrollment. Self-Paying Members can also contact the Plan Administrator for a description of the Benefits provided by their Plan.
        2. The Plan Administrator reserves the right to change the Benefits associated with a Self-Paying Member’s Plan at any time and will provide the Member with at least 30 days advance notice before implementing the change.
        3. The specific Benefits available to a Member through a Plan provided by a Plan Sponsor are defined by a unique Plan Sponsor Agreement. Members who have access to a Plan provided by a Plan Sponsor should contact their Plan Sponsor for a description of their Benefits. The Benefits provided by a Plan Sponsor may change at any time as dictated by the Plan Sponsor Agreement.
        4. Benefits are described in Section C below.
      2. Term
        1. For Self-Paying Members, the Plan is funded by the Member and coverage begins on the day that a payment from the Self-Paying Member is received by the Plan Administrator. Coverage will continue on a month-to-month basis and will end when terminated by the Plan Administrator or the Self-Paying Member.
        2. The term and termination provisions of a Plan provided by a Plan Sponsor is defined in the Plan Sponsor Agreement.
      3. Cancellation
        1. Cancellation of Self-Paying Member’s Plan: The Plan Administrator, in its sole discretion, reserves the right to cancel a Self-Paying Member’s Plan for any reason, including either fraud or non-payment of Membership Fees. The Self-Paying Member may cancel their Plan at any time by giving written notice to the Plan Administrator.
        2. Cancellation provisions for a Plan provided by a Plan Sponsor are defined in the Plan Sponsor Agreement.
      4. Professional Judgment of the Money Coach or Fraud Resolution Specialist: The Plan Administrator will in no way influence or attempt to affect the rendering of services by a Money Coach or FRS. The Money Coach and FRS will provide objective and independent financial coaching and ID theft recovery advice to the best of his or her ability. In addition, if the Money Coach or FRS makes the decision that it is not in the best interests of Plan Administrator to advise/pursue a matter/claim on behalf of the member, then all services may be immediately terminated in the sole discretion of the Money Coach or FRS.
      5. Professional Judgment of a Third-Party Provider: The Third-Party Provider has the sole right to determine (in his or her professional judgment) whether or not a claim or defense under any Benefit constitutes a frivolous or otherwise unmeritorious claim or defense. This includes decisions to appeal any judgment or decision. Further:
        1. The Third- Party Provider reserves the right to make independent professional judgments regarding the presentation of same.
        2. The Plan Administrator will in no way influence or attempt to affect the rendering of eligible services by a Third-Party Provider.
        3. Any errors and omissions of a Third-Party Provider are his or her sole responsibility. No such liability will be assumed or incurred by either the Plan Administrator or the Plan Sponsor.
      6. Membership Fees
        1. For Members with access to a Plan provided by a Plan Sponsor, Membership Fees for this Plan are paid by the Member’s Plan Sponsor and are governed by the Plan Sponsor Agreement.
        2. Membership fees for a Self-Paying Member Plan are paid by the Member and are governed by the conditions of Section C of these Terms and Conditions.
      7. Excluded Costs: Fines, court costs, penalties, expert witness fees, bonds, bail bonds, fees established by state statute and other such out-of-pocket expenses are not covered by the benefits described in this Agreement. Any such costs will need to be paid by the Named Member and Covered Member under the terms of the Attorney or Accountant or Mediator-Client Contract described in Section 9 below.
      8. Attorney or Accountant or Mediator-Client Contract: All legal and accounting services shall be subject to terms of an Attorney or Accountant or Mediator-Client Contract to be executed by the Member prior to the time services are rendered. Said contract shall require payments by the Member to the Third-Party Provider for any anticipated out-of-pocket costs, plus a retainer that covers all reasonably anticipated legal services not covered by the Agreement. Appropriate dollar amounts for said retainer and any anticipated out-of-pocket costs shall be determined by the Third-Party Provider (in his or her sole discretion). The Member will not be eligible to receive his or her requested benefit unless and until such payments have been made.
      9. Exclusions Applicable to all Plans - the following financial or legal matters and services are specifically excluded from coverage under any of the Plans described in any Agreement or in these Terms and Conditions:
        1. Services Available Under Other Plans or Forms of Insurance: Any financial or legal service that is available to the Member under another plan or form of insurance, unless such plan or form of insurance permits subrogation rights and/or third-party indemnification.
        2. Actions Involving Other Parties: Any legal matter involving an adversarial relationship between or among the parties, including, but is not limited to, the Member, the Plan Sponsor, the Plan Administrator and any Third-Party Provider(s).
        3. Actions Involving Employment: Any actions arising from the Member’s employment.
        4. Class Action Lawsuits and Similar Actions: Class actions, interventions, appeals or amicus curiae filings.
        5. Conflicts of Interest: Any matter or service that is found by the Third-Party Provider to be in conflict of interest with his or her practice.
        6. Frivolous or Groundless Claims: Any claim or defense which is deemed by a Third-Party Provider (at his or her sole discretion) to be frivolous or groundless.
        7. Respondeat Superior: A Member may not receive coverage solely as a result of the doctrine of Respondeat Superior.
        8. Issues involving Professional Licensing and Codes of Ethics: Any matter or service which might subject the professional provider to either ethical considerations or licensing concerns.
        9. Payments to Third Party Providers: When it is determined by the Member, with the assistance of the staff Money Coach, that outside services are necessary, the Covered Member shall contract directly with the Third Party Provider and shall pay for all professional services fees and costs directly to the Third Party Provider and shall be solely responsible for payment. All such fees and costs shall be non-refundable.
      10. Condition of using MSA Wallet: The following notice applies to those Members that have access to MSA Wallet through their Plan: MSA Wallet uses Plaid Technologies, Inc. to gather Members’ data from financial institutions. By using MSA Wallet, you (the Member) grant MY SECURE ADVANTAGE, Inc and Plaid Technologies, Inc. the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. By using MSA Wallet you also agree to your personal and financial information being transferred, stored, and processed by Plaid Technologies, Inc. in accordance with the Plaid Privacy Policy, which can be found at: https://plaid.com/legal
      11. Miscellaneous:
        1. Complaint Resolution: Should the Member at any time have a complaint with or concern regarding the services provided by staff or a professional provider, the Member may call or send a written notice to the Plan Administrator. The Plan Administrator may contact the Member for additional information, as well as, the staff Money Coach or the Third-Party Provider for input, within five (5) business days of receipt of the notice. The Plan Administrator will attempt to resolve the complaint within thirty (30) days or less of the notice. The Member will be advised throughout the process of the steps being taken to resolve the matter, via telephone, email or any other acceptable means of communication to the Member. The Member expressly waives all matters of confidentiality for purposes of investigating and resolving any complaints or concerns.
        2. Binding Arbitration: In the event that any controversy or claim arises between the Named Member, Covered Member, the Plan Administrator, any Money Coach, or any combination thereof, which is pursuant to these Terms and Conditions or pertains to services rendered under the My Secure Advantage™ Program which cannot be resolved by mutual agreement between the disputing parties, then such controversy or claim shall be submitted for settlement by binding arbitration in accordance with the then-current rules of the American Arbitration Association as full recourse between the disputing parties.
          1. The arbitrator(s) shall have the power to decide any dispute between the parties concerning the application or interpretation of these Terms and Conditions or the rendering of any service under the My Secure Advantage™ Program. Any such decision rendered by the arbitrator(s) shall be final and binding upon all parties, but said arbitrator(s) shall have no power to change or add to the provisions of these Terms and Conditions or the rendering of services under the My Secure Advantage™ Program.
          2. If such arbitration includes the Plan Administrator, a Money Coach, or any employee of MSA, the location of the arbitration shall be Roseville, California. Prior to the beginning of the arbitration, each disputing party shall pay an equal share of the estimated cost of arbitration.
        3. Integration: These Terms and Conditions represent the entire agreement between the Plan Administrator and the Self-Paying Member and supersede any advertisements, letters, articles, or written or oral statements, which pre-date or were made contemporaneously with these Terms and Conditions.
        4. Severance Clauses: If any section of these Terms and Conditions is deemed null and void, such section shall be severed and shall not affect the validity of the rest of these Terms and Conditions.
        5. Out-of-Network Services: Nothing herein shall prevent a Member, at his or her own expense, from hiring the services of any other money coach, financial consultant, or any other professional outside of the My Secure Advantage™ Program and it is understood that such services shall be outside of the benefits provided under this the My Secure Advantage™ Program.
        6. Emails and Newsletters: There are four types of email the Member will receive from My Secure Advantage:
          1. System emails, which include calendar reminders and other system generated notices vital to your communication with your Money Coach. These emails you cannot opt-out of.
          2. Newsletters, financial and ID theft “tips,” and webinar notifications are sent periodically to all Members. At the bottom of all of these newsletters is an opt-out link.
          3. Emails to the Member from their Money Coach or Fraud Resolution Specialist - these emails are to facilitate communication about the Member’s financial circumstances and may include forms and templates for the Member’s use.
          4. For Members with an Identity Monitoring benefit, the system will generate email notifications of potentially suspicious activities related to identity theft. You cannot opt-out of these emails.
    3. My Secure Advantage™ Benefits
      1. Benefits: Each Plan will include a specific combination of Benefits. Members should contact the Plan Administrator or their Plan Sponsor to determine the Benefits available to them through their Plan. The following is a list of Benefits that may be available to a Member through their Plan. Benefits may be added and/or removed from this list at any time by the Plan Administrator.
      2. Financial Coaching: Members may have access to a personal Money Coach to work with on an on-going basis. The frequency and duration of access to a Money Coach will vary depending upon the specific Plan purchased by the Self-Paying Member or by the Plan Sponsor Agreement. The personal Money Coach will help the member identify personal financial goals, assess the Member’s financial situation, and provide a suggested action plan to accomplish those goals. Financial coaching sessions are by appointment as requested by the Member and are at times mutually agreed to by both the Member and the personal Money Coach. The duration of each consultation is typically 30 minutes per session. The Money Coach may determine that a longer session is necessary. The frequency of sessions is determined by the Money Coach based upon the progress made during each session. Either the Money Coach or Plan Administrator shall retain absolute discretion to end consultation on any issue where continued consultation will not serve the best interests of the Member.
      3. ID Theft Monitoring/Fraud Resolution:
        1. Identity Monitoring and Fraud Resolution services may be available to a Member through their Plan.
        2. Identity Monitoring: When enrolled in identity monitoring services, the Member’s information is monitored across a network of companies who utilize out of wallet knowledge-based authentication questions to verify an identity during a transaction. The Member will receive a real-time alert via the email on record when the out of wallet knowledge-based authentication questions have been activated.
        3. Fraud Resolution Services: Where Fraud Resolution is included in the Member’s Plan, the Member whose identity has been compromised will receive access to a Fraud Resolution Specialists (FRS) who will address and assist in the effort to repair the Member’s identity. Where comprehensive identity recovery services are included, these services will include, but are not limited to, working with creditors, collection companies, collection law firms and credit reporting agencies. Where comprehensive identity recovery services are included, at the option of the Member, the FRS will serve as a personal advocate in representing the Member in disputing and clearing up fraudulent or incorrect claims and credit records.
        4. Where Identity Fraud Expense Reimbursement Coverage and Unauthorized Electronic Funds Transfers reimbursement are included – the Member will have access to up to a total of $1,000,000* in Unauthorized Electronic Funds Transfers” (UEFT) reimbursement, which includes up to $25,000* in ID Theft Fraud Expense Reimbursement Coverage for certain expenses incurred in reclaiming the Member’s identity, with a zero deductible.
          1. *Identity theft insurance underwritten by subsidiaries or affiliates of American International Group, Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.
      4. ID Fraud Expense Reimbursement Coverage:
        1. This is a summary when a Member’s Plan includes access to ID Fraud Expense Reimbursement Coverage: This Summary is provided to inform the Member of the My Secure Advantage™ Plan, that they are entitled to benefits under the Certificate of Insurance. This Summary Description of Benefits does not state all the terms, conditions, and exclusions of the Certificate of Insurance. The Member’s benefits will be subject to all of the terms, conditions, and exclusions of the Master Certificate of Insurance, even if they are not mentioned in this Summary. A complete copy of the Certificate of Insurance will be provided upon request. The Master Policy (“Identity Fraud” Expense Coverage) has been issued to: MY SECURE ADVANTAGE™ Inc. (the “Master Policy Holder”) to provide benefits as described in this Summary.
        2. Includes, subject to limitation:
          1. Lost wages, as a result of time taken off from work to reestablish identity (up to $500 per week for a maximum of four weeks).
          2. Notary and certified mailing costs for completing and delivering fraud affidavits.
          3. Long distance phone calls associated with reporting an identity theft and/or reestablishing a victim’s identity.
          4. Attorney fees incurred (with prior consent) from the insurer for:
            1. Defending suits brought incorrectly by merchants, creditors or collection agencies.
            2. Removing civil judgments and/or criminal convictions wrongly entered against the victim.
      5. For Member’s, whose Plan includes access to Unauthorized Electronic Funds Transfers (UEFT) reimbursement, this coverage includes, subject to limitations:
        1. Unauthorized transfers from a Member’s personal (non-business) deposit account initiated by someone other than the Member and without the Member’s permission.
        2. UEFT covers personal checking, savings and money market accounts, both inside and outside of retirement accounts.
      6. For Member’s, whose Plan includes the insurance coverage described above: To file a claim under the Certificate of Insurance, call 1-888-724-2326, Monday through Friday between the hours of 6:00 am and 8:00 pm PT.
      7. Exclusions and Limitations:
        1. For more information on UEFT reimbursement and ID Theft Fraud Expense Reimbursement coverage, and exclusions, please contact the Plan Administrator. Coverage is provided under the Master Policy issued to My Secure Advantage, Inc.
        2. Coverage is subject to all terms, conditions and limitations of the Master Identity Fraud Reimbursement Expense policy.
        3. UEFT coverage specifically excludes certain accounts and acts. There is no coverage for business accounts of any nature. Members must have first sought reimbursement from the financial institution that issued access and held the funds that were stolen and from which the member has not received reimbursement from any source.
      8. Website:
        1. For Members whose Plan includes access to the website; the Member will have access to a secure, private My Secure Advantage™ website that is a collaborative tool for coaching, which may include highlights and suggestions from the Member’s personal Money Coach. The features that may be accessible through the website include:
          1. MSA Wallet: Members may have access to MSA Wallet, a Personal Financial Management software that will allow Members to track their banking and investment activity across all of their financial accounts. MSA Wallet will allow the Member to set spending and savings goals and provide alerts or notices that may be electronically communicated to the Member. The Member dictates what information, if any, is shared with their personal Money Coach in the MSA Wallet application
          2. Online financial calculators with financial articles
          3. Access to self-help legal forms
          4. On-demand learning through education and instructional videos
      9. Legal/Mediation Referrals: When included in the Member’s Plan, the Member is entitled to one (1) initial thirty-minute office or telephone consultation at no cost with a network attorney or mediator. In the event that the Member wishes to retain a participating attorney or mediator after the initial consultation, the Member will be provided with a preferred rate reduction of 25% from the attorney's normal hourly or fixed fee rate.
      10. Membership Fees for Self-Paying Members can be paid to the Plan Administrator by debit or electronic funds transfer, such as ACH or bank account payments, or by a charge to the Member’s credit/debit card. The Plan Administrator may choose to change the accepted forms of payment from Self-Paying Members at any time.
      11. Changes to Benefits and/or Membership Fees: Unless otherwise defined by a Plan Sponsor Agreement, the Plan Administrator reserves the right to replace vendors, change benefits and/or membership fees at any time. In such event, the Member shall receive no less than thirty (30) days advance notice of the effective date of any changes.
    4. Terms of Self-Payment
      1. A Self-Paying Member will have access to a My Secure Advantage™ Plan for a Membership Fee that is paid by the Self-Paying Member to the Plan Administrator. The Membership Fees and Benefits provided for those fees will be presented to the Member at the time of enrollment. The Self-Paying Member will be the sole arbiter of how long they continue working with their Money Coach under this self-pay arrangement. There are three options for processing payment: Authorized Payroll Deduction, Bank Account Debit, or Credit Card.
        1. Authorized Payroll Deductions - This form of payment is only available to Named Members whose Plan Sponsor offers payroll deductions as an option. When Payroll Deduction is chosen by a Self-Paying Member as his or her payment method, the Self-Paying Member accepts and agrees to these Terms and Conditions. Payroll deductions may be made to the Plan Administrator for those Named Members who elect to continue with the My Secure Advantage™ Program by becoming Self-Paying Members. The Self-Paying Member will authorize a payroll deduction by digital impression from a recorded phone conversation with an MY SECURE ADVANTAGE™ representative. Payroll deductions, based on the periodic payment schedule of employees, will take place such that the total sum deducted in any one month of payroll will not exceed the monthly Membership Fee. Payroll deductions shall continue until the Plan Sponsor’s human resource or payroll department is notified in writing by the Plan Administrator or the Self-Paying Member to discontinue the deductions. The Plan Administrator will submit monthly identification data in a separate digital file for authorizing Self-Paying Members in a format acceptable to the Plan Sponsor. The Plan Sponsor will provide to the Plan Administrator the contact information and data needed to facilitate the payroll deduction process. Authorized Payroll Deductions are not available to Covered Members or memberships purchased directly from MSA.
        2. Bank Account Debit: (ACH - Automated Clearing House) When Debit to the Self-Paying Member’s Bank Account is chosen by a Self-Paying Member as his or her payment method, the Self-Paying Member accepts and agrees to these Terms and Conditions.
        3. Bank Account Payments: By choosing to use a bank account as a payment method, the Self-Paying Member will be able to complete his or her purchase using any valid automated clearing house ("ACH") enabled bank account at a United States-based financial institution. By doing so, the Self-Paying Member is authorizing the Plan Administrator to debit their bank account for the total amount of the purchase (including applicable taxes, fees and shipping costs). To complete the transaction, the Plan Administrator, or an agent acting on its behalf, will create an electronic funds transfer or bank draft, which will be presented to the Self-Paying Member’s bank or financial institution for payment from Self-Paying Member’s bank account. The transaction must be payable in U.S. dollars. The Plan Administrator, in its sole discretion, may refuse this payment option service to anyone or any user without notice for any reason at any time.
        4. Electronic Signature and ACH Authorization: By choosing your bank account as your payment method, the Self-Paying Member agrees that:
          • he or she has read, understands, and agrees to these Terms and Conditions, and that such agreement constitutes a "writing signed by you" under any applicable law or regulation,
          • he or she consents to the electronic delivery of the disclosures contained in these Terms and Conditions
          • he or she authorizes the Plan Administrator (or its agent) to make any inquiries it considers necessary to validate the Self-Paying Member’s dispute, which may include ordering a credit report and performing other credit checks or verifying the information provided against third party databases, and
          • He or she authorizes the Plan Administrator (or its agent) to initiate one or more ACH debit entries (withdrawals) for the specified amount(s) from the Self-Paying Member’s bank account, and the Self-Paying Member authorizes the financial institution that holds his or her bank account to deduct such payments.
      2. Returned Payments: If any payments are returned unpaid, the Plan Administrator reserves the right to charge the Self-Paying Member a returned item fee of twenty-five dollars ($25.00) or the maximum amount allowed by law, which may be added to the Self-Paying Member’s payment amount and debited from his or her bank account if the Plan Administrator re-submits an ACH debit due to insufficient funds. The Plan Administrator may initiate a collection process or legal action to collect unpaid fees. Self-Paying Member agrees to pay all the Plan Administrator’s costs for such action, including any reasonable attorneys' fees.
      3. Customer Service: All questions relating to My Secure Advantage™ orders or any payments made using Self-Paying Member’s bank account should be directed to the Plan Administrator, and not to the financial institution that holds the Self-Paying Member’s bank account. The Plan Administrator may be contacted regarding a Self-Paying Member’s My Secure Advantage™ order or any payments made using his or her bank account by calling the Plan Administrator at 1-888-724-2326.
      4. Error Resolution Policy: If a Self-Paying Member believes that any payment transaction initiated by the Plan Administrator (or its agent) with respect to his or her bank account is erroneous, or if the Self-Paying Member needs more information about any such transaction, he or she should contact the Plan Administrator as soon as possible by telephone or email using the telephone number or email address provided in Section 4 of these Terms and Conditions. In any event, the Plan Administrator must hear from the Self-Paying Member no later than 90 days after the date the questionable transaction FIRST appeared on the Self-Paying Member’s bank account statement. When contacting Plan Administrator, provide the following information:
        1. Self-Paying Member’s name and the email address associated with the Self-Paying Member’s My Secure Advantage™ customer account
        2. a description of the error or the transfer Self-Paying Member is unsure about, and a clear explanation as to what is believed to be in error or why more information is needed,
        3. the dollar amount of the suspected error,
        4. the transaction date and associated transaction identification number from Self-Paying Member’s bank account statement,
        5. a telephone number at which the Self-Paying Member can be reached in case the Plan Administrator needs further information,
        6. the telephone number of the bank, and
        7. That portion of Self-Paying Member’s bank account statement containing the My Secure Advantage™ transaction information (if requested).
        8. If the information is provided to Plan Administrator orally, the Plan Administrator may require that the complaint or question be sent to the Plan Administrator in writing within ten (10) business days. A "Business Day" means Monday through Friday, excluding federal banking holidays.
      5. Our Liability: If the Plan Administrator fails to debit the Self-Paying Member’s bank account in accordance with these Terms and Conditions, in the correct amount, it may be liable for certain losses directly caused by its failure as the law may impose in such cases. However, the Plan Administrator will not be liable where:
        1. The Self-Paying Member does not have enough money in their bank account.
        2. Self-Paying Member’s bank account is closed, or withdrawals are restricted.
        3. Terminal or system was not working properly and the Self-Paying Member was advised of that prior to when he or she initiated the payment.
        4. Circumstances beyond the Plan Administrator’s control (such as flood, fire, power outages, mechanical or system failures).
        5. Self-Paying Member’s financial institution refuses to honor an ACH debit.
        6. The Self-Paying Member’s instructions were lost or delayed in transmission to the Plan Administrator.
        7. A reasonable security concern, such as unauthorized use, causes the Plan Administrator to not honor the Self-Paying Member’s instructions.
        8. This payment option has been discontinued or suspended.
        9. The Plan Administrator advised the Self-Paying Member that their request would not be processed; and
        10. Other exceptions allowed by law. If the Plan Administrator’s error was unintentional and resulted from a bona fide error, its liability is limited to actual damages, which shall not to exceed the total sum of those charges deducted from the Self-Paying Member’s account in error.
    5. CREDIT CARD PAYMENTS
      1. When a charge to the Self-Paying Member’s Credit Card is chosen by a Self-Paying Member as his or her payment method, the Self-Paying Member accepts and agrees to these Terms and Conditions.
      2. By choosing this payment method the Self-Paying Member will be able to complete his or her purchase using any valid Visa, MasterCard, American Express, or Discover account. Whenever the Self-Paying Member chooses to pay for an order using their credit card, he or she is authorizing the Plan Administrator to charge their credit card for the total amount of purchase, which includes monthly charges or other recurring charges. To complete the transaction, the Plan Administrator, or an agent acting on its behalf, will create a credit card charge equal to the Self-Paying Member’s "Purchase Total", which will be presented to his or her credit card account. The transaction must be payable in U.S. dollars. The Plan Administrator, in its sole discretion, may refuse this payment option service to anyone or any user without notice for any reason at any time.
      3. Electronic Signature: By choosing your credit card as your payment method, the Self-Paying Member agrees that:
        1. He or she has read, understands, and agree to these Terms and Conditions, and that such agreement constitutes a "writing signed by you" under any applicable law or regulation,
        2. He or she consents to the electronic delivery of the disclosures contained in these Terms and Conditions,
        3. He or she authorizes the Plan Administrator (or its agent) to make any inquiries it considers necessary to validate Self-Paying Member’s dispute, which may include ordering a credit report and performing other credit checks or verifying the information provided against third party databases, and
        4. He or she authorizes the Plan Administrator (or its agent) to initiate one or more credit card charges for the specified amount(s).
      4. Returned Payments: If any payments are returned unpaid, the Plan Administrator reserves the right to charge the Self-Paying Member an insufficient funds fee of twenty-five dollars ($25.00).
      5. Customer Service: All questions relating to My Secure Advantage™ orders or any payments made using the Self-Paying Member’s credit card should be directed to the Plan Administrator, and not to the Self-Paying Member’s credit card company. My Secure Advantage™ 1-888-724-2326 will show up on the Self-Paying Member’s credit card descriptor. The Self-Paying Member may contact the Plan Administrator regarding his or her My Secure Advantage™ order or any payments made using his or her credit card by calling us at 1-888-724-2326.
      6. Error Resolution Policy: If a Self-Paying Member believes that any payment transaction initiated by the Plan Administrator (or its agent) with respect to his or her credit card is erroneous, or if the Self-Paying Member needs more information about any such transaction, he or she should contact the Plan Administrator as soon as possible by telephone or email using the telephone number or email address provided in section (4) of these Terms and Conditions. In any event, the Plan Administrator must hear from the Self-Paying Member no later than 90 days after the date the questionable transaction FIRST appeared on the Self-Paying Member’s credit card account statement. When contacting the Plan Administrator, provide us with the following information:
        1. Self-Paying Member’s name and the email address associated with their My Secure Advantage™ customer account,
        2. a description of the error or the payment the Self-Paying Member unsure about, and a clear explanation as to what is believed to be in error or why more information is needed,
        3. the dollar amount of the suspected error,
        4. the transaction date and associated transaction identification number from Self-Paying Member’s credit card account statement,
        5. a telephone number at which the Self-Paying Member can be reached in case the Plan Administrator needs further information,
        6. the telephone number of the credit card company, and
        7. that portion of Self-Paying Member’s credit card account statement containing the My Secure Advantage™ transaction information (if requested)
        8. If the information is provided to the Plan Administrator orally, the Plan Administrator may require that the complaint or question be sent to the Plan Administrator in writing within ten (10) business days. A "business day" means Monday through Friday, excluding federal banking holidays.
      7. Our Liability: If the Plan Administrator fails to charge the Self-Paying Member’s credit card account in accordance with these Terms and Conditions, in the correct amount, it may be liable for certain losses directly caused by our failure as the law may impose in such cases. However, the Plan Administrator will not be liable where:
        1. The Self-Paying Member’s credit card returns as insufficient funds.
        2. The Self-Paying Member’s credit card account is closed or charges restricted.
        3. Any terminal or system was not working properly and the Self-Paying Member was advised of that before he or she initiated the payment.
        4. Circumstances beyond the Plan Administrator’s control (such as flood, fire, power outages, mechanical or system failures).
        5. Self-Paying Member’s credit card company refuses to honor the transaction.
        6. The Self-Paying Member’s instructions are lost or delayed in transmission to us.
        7. A reasonable security concern, such as unauthorized use, causes the Plan Administrator not to honor the Self-Paying Member’s instructions.
        8. This payment option has been discontinued or suspended.
        9. The Plan Administrator advised the Self-Paying Member that their request would not be processed.
        10. Other exceptions allowed by law. If the Plan Administrator’s error was unintentional and resulted from a bona fide error, its liability is limited to actual damages, which shall not to exceed the total sum of those charges deducted from Self-Paying Member’s credit card account in error.
    6. CANCELLATION POLICY:
      1. The Self-Paying Member may cancel his or her membership at any time by calling us at 1-888-724-2326 and ask for an MY SECURE ADVANTAGE™ Representative. For any such cancellations, the following rules apply:
      2. Definitions
        1. Billing Day: The same day each month as the enrollment date. For example, if the enrollment date = June 5, the billing day in subsequent months = July 5, August 5, September 5, and so on.
        2. Billing Month: A one-month period that commences on the billing day and ends on the day before the next billing day. For example, if the enrollment date is June 5, the billing months would be as follows:
          • Billing month 1 = June 5 - July 4
          • Billing month 2 = July 5 - August 4
          • Billing month 3 = August 5 - September 4
          • And so on.
        3. Billing Period: The period of time that corresponds with billing frequency:
          • Monthly = 1 billing month
          • Quarterly = 3 billing months
          • Annually = 12 billing months
      3. Rules
        1. Cancellations within the first five (5) calendar days of the billing period: If you cancel within (5) days of the start of your billing period, you are entitled to a full refund for that billing month, and all future billing months, in your billing period (for which you have paid).
        2. Cancellations after six (6) or more calendar days after start of billing period: If you cancel (6) days or more after the start of your billing period, you will receive a full refund for all subsequent billing months remaining in the billing period (for which you have paid). You will be entitled to full identity theft benefits during the billing month in which the cancellation notice is received by Plan Administrator.
    7. Security
      1. Data Security: The My Secure Advantage™ Website uses SSL-encryption technology when transferring and receiving member data. This same level of encryption is used if Member information is transferred to an affiliate’s website. We have employed reliable encryption services to protect against the loss, misuse, or alteration of information that has been collected from members. The servers that store personally identifiable information on are kept in a secure environment. We take reasonable security measures to protect against unauthorized access to or the unauthorized alteration, disclosure or destruction of data. These include daily malware scanning, PCI compliant network vulnerability scans, regular network penetration testing, internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where personal data are stored. We restrict access to personal information to employees, contractors and agents who need to know information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. Although we strive to have to have the best security, perfect security is unattainable; you understand and agree that there is a certain intrinsic risk in transmitting data over the internet.
      2. Hosting Provider: MySecureAdvantage.com uses Amazon AWS Elastic Compute Cloud (EC2) hosting environments. Security within Amazon EC2 is provided on multiple levels; the operating system (OS) of the host system, the virtual instance operating system or guest OS, a stateful firewall and signed API calls. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
        • ISO 27001
        • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
        • PCI Level 1
        • FISMA Moderate
        • Sarbanes-Oxley (SOX)
        For a complete breakdown of Amazon hosting security processes please refer to: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
        1. Host Operating System: AWS administrators are required to use their individual cryptographically strong SSH keys to gain access to a bastion host. These bastion hosts are specifically built systems that are designed and configured to protect the management plane of the cloud. Once connected to the bastion, authorized administrators are able to use a privileged escalation command to gain access to an individual host. All such accesses are logged and routinely audited. When an AWS employee no longer has a business need to administer EC2 hosts, their privileges on and access to the bastion hosts are revoked.
        2. Guest Operating System: Virtual instances are completely controlled by the customer. They have full root access and all administrative control over additional accounts, services, and applications. AWS administrators do not have access to customer instances and cannot log into the guest OS. Customers should disable password-based access to their hosts and utilize token or key-based authentication to gain access to unprivileged accounts. Further, customers should employ a privilege escalation mechanism with logging on a per-user basis. For example, if the guest OS is Linux, utilize SSH with keys to access the virtual instance, enable shell command-line logging, and use the 'sudo' utility for privilege escalation. Customers should generate their own key pairs to guarantee that they are unique and not shared with other customers or with AWS.
        3. Firewall: Amazon EC2 provides a complete firewall solution; this mandatory inbound firewall is configured in a default deny mode and the Amazon EC2 customer must explicitly open any ports to allow inbound traffic. The traffic may be restricted by protocol, by service port, as well as by source IP address (individual IP or CIDR block). The firewall can be configured in groups permitting different classes of instances to have different rules, for example the case of a traditional three-tiered web application. The group for the web servers would have port 80 (HTTP) and port 443 (HTTPS) open to the world. The group for the application servers would have port 8000 (application specific) accessible only to the web server group. The group for the database servers would have port 3306 (MySQL) open only to the application server group. All three groups would permit administrative access on port 22 (SSH), but only from the customer's corporate network. Highly secure applications can be deployed using this expressive mechanism. The firewall is controlled not by the host/instance itself, however requires the customer's X.509 certificate and key to authorize changes, thus adding an extra layer of security. Within EC2, the host administrator and cloud administrator can be separate people, permitting two-man rule security policies to be enforced. In addition, AWS encourages customers to apply additional per-instance filters with host-based firewalls such as IPtables. This can restrict both inbound and outbound traffic on each instance. The level of security afforded by the firewall is a function of which ports are opened by the customer, and for what duration and purpose. The default state is to deny all incoming traffic, and developers should plan carefully what they will open when building and securing their applications. Well-informed traffic management and security design is still required on a per-instance basis.
        4. API: Calls to launch and terminate instances, change firewall parameters, and perform other functions are all signed by an X.509 certificate or the customer's Amazon Secret Access Key. Without access to the customer's Secret Access Key or X.509 certificate, Amazon EC2 API calls cannot be made on their behalf. In addition, API calls can be encrypted in transit with SSL to maintain confidentiality. Amazon recommends always using SSL-protected API endpoints.
        5. The Hypervisor: Amazon EC2 currently utilizes a highly customized version of the Xen hypervisor, taking advantage of paravirtualization. Because para-virtualized guests rely on the hypervisor to provide support for operations that normally require privileged access, it is possible to run the guest OS with no elevated access to the CPU. This explicit virtualization of the physical resources leads to a clear separation between guest and hypervisor, resulting in strong security separation between the two.
        6. Instance Isolation: Different instances running on the same physical machine are isolated from each other utilizing the Xen hypervisor. Amazon is an active participant and contributor within the Xen community, which ensures awareness of potential pending issues. In addition, the aforementioned firewall resides within the hypervisor layer, between the physical interface and the instance's virtual interface. All packets must pass through this layer, thus an instance's neighbors have no additional access to that instance, and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms. Customer instances have no access to raw disk devices, but instead are presented with virtualized disks. The AWS proprietary disk virtualization layer automatically wipes every block of storage used by the customer and guarantees that one customer's data is never exposed to another. Note that unintentionally leaving data on disk devices is only one possible breach of confidentiality; many others exist, and for this reason AWS recommends that customers further protect their data using appropriate means. One common solution is to run an encrypted file system on top of the virtualized disk device.
        7. Network Security: The Amazon AWS network provides significant protection against traditional network security issues and further protection is added as new threats rise. A few of these threats and how they are averted is described below.
        8. Distributed Denial Of Service (DDoS) Attacks: AWS API endpoints are hosted on the same Internet-scale, world class infrastructure that supports the Amazon.com retail site. Standard DDoS mitigation techniques such as syn cookies and connection limiting are used. To further mitigate the effect of potential DDoS attacks, Amazon maintains internal bandwidth which exceeds its provider-supplied Internet bandwidth.
        9. Man In The Middle (MITM) Attacks: All of the AWS APIs are available via SSL-protected endpoints which provides server authentication. Amazon EC2 AMIs automatically generates new SSH host keys on first boot and log them to the console. Customers can then use the secure APIs to call the console and access the host keys before logging into the instance for the first time. Customers are encouraged to use the SSL endpoints for all of their interactions with AWS.
        10. IP Spoofing: Amazon EC2 instances cannot send spoofed traffic. The Amazon -controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.
        11. Port Scanning: Port scans by Amazon EC2 customers are a violation of the Amazon EC2 Acceptable Use Policy (AUP). Violations of the AUP are taken seriously, and every reported violation is investigated. When Port scanning is detected it is stopped and blocked. Port scans of Amazon EC2 instances are generally ineffective because, by default, all inbound ports on Amazon EC2 instances are closed.

          The customer's strict management of security groups can further mitigate the threat of port scans. If the customer configures the security group to allow traffic from any source to a specific port, then that specific port will be vulnerable to a port scan. In these cases, the customer must use appropriate security measures to protect listening services that may be essential to their application from being discovered by an unauthorized port scan. For example, a web server must clearly have port 80 (HTTP) open to the world, and the administrator of this server is responsible for ensuring the security of the HTTP server software, such as Apache.
        12. Packet Sniffing By Other Tenants: It is not possible for a virtual instance running in promiscuous mode to receive or "sniff" traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. This includes two virtual instances that are owned by the same customer, even if they are located on the same physical host. Attacks such as ARP cache poisoning do not work within EC2. While Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to view another's data, as a standard practice, customers should encrypt sensitive traffic.
        13. Physical Security: AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely. AWS data centers have automatic fire detection and suppression equipment, redundant electrical power systems, climate and temperature controls. When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.
        14. Access to the Hosting Provider: MY SECURE ADVANTAGE™ connects to the Amazon EC2 environments through a virtual private cloud (VPC) with a public subnet and a private subnet. This allows MY SECURE ADVANTAGE™ to run a public-facing web application, while maintaining back-end servers that aren't publicly accessible. The instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet can't. The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can't. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) instance that is launched into the public subnet.
        15. Configuration Security: AWS provides two features to increase security in the VPC: security groups and network ACLs. Both features enable control of the inbound and outbound traffic for the instances, but security groups work at the instance level, while network ACLs work at the subnet level. Both security groups and network ACLs are used to provide an additional layer of security. Information Collected: In order to provide Members with the MY SECURE ADVANTAGE™ Wellness Plan and the My Secure Advantage™ Plan, two types of information may be collected; Personally Identifiable Information and Non-Personally Identifiable Information.
      3. Plan Sponsor Provided Benefit: Your Plan Sponsor may not have independently verified the security of the MY SECURE ADVANTAGE™ Website. By using the MY SECURE ADVANTAGE™ Website, you agree that your Plan Sponsor is not responsible for any security breach to the MY SECURE ADVANTAGE™ Website, and agree to indemnify and hold harmless your Plan Sponsor, Plan Sponsor’s affiliates, officers, directors, and employees from and against all losses, damages, liabilities, deficiencies, actions, judgements, costs, or expenses of whatever kind arising out of, or resulting from, any security breach of the MY SECURE ADVANTAGE™ Website.
      4. Password Management: To protect your MySecureAdvantage Account, keep your password confidential. You are responsible for managing the security of your password and the resulting activity that happens on or through your MySecureAdvantage Account should your password be compromised. Try not to reuse your password on third-party applications. If you learn of any unauthorized use of your password or MySecureAdvantage Account, please go to your account and change your password. Please notify MySecureAdvantage by calling 888-724-2326.