MY SECURE ADVANTAGE™

TERMS AND CONDITIONS

Managed by CLC Incorporated

Last Updated on 5/16/2016

  1. My Secure Advantage™ Program
    1. Definitions
      1. Plan: Plan shall mean the My Secure Advantage™ Program which consists of (1) the MSA Financial Wellness Plan, covered by an employer-paid wellness period and (2) the My Secure Advantage™ Plan which is a self-paid plan for members who are at the end of their employer-paid wellness period.
      2. Named Member: Named Member shall mean the employee who is enrolled in the Plan through the employee’s Plan Sponsor or under a Self-Paying arrangement.
      3. Covered Member: Covered Member shall mean others who are covered by a Named Member’s benefit.
      4. Self-Paying Member: A voluntary program where a Member has reached the end of their employer-paid Plan benefit period and has chosen to continue to receive Plan benefits under a self-pay arrangement with the Plan Administrator.
      5. Member: Named Member and Covered Member, collectively.
      6. Plan Sponsor: Plan Sponsor shall mean the Named Member’s Employer.
      7. Plan Administrator: Plan Administrator shall mean the CLC Incorporated (CLC), which is located at 3001 Lava Ridge Court, Suite 250, Roseville, CA 95661.
      8. Money Coach: Money Coach shall mean certain professional individuals who are employees of the Plan Administrator and who collectively provide the financial services described in these Terms and Conditions.
      9. Benefit Categories: Benefit Categories shall mean the following four categories into which the Plan Administrator has grouped the services described in these Terms and Conditions: Financial Coaching, ID Theft Monitoring/Fraud Resolution, MSA Website, and Access Legal/ Mediation.
      10. Third Party Provider: Third Party Provider shall mean all Attorneys, Accountants, Mediators and certain other professional individuals who have agreed to offer their services to Members for a discounted fee. Members may choose to access Third Party Provider services at the Member’s discretion and under a separate agreement between the Third Party Provider and the Member.
      11. MSA Wellness Program: MSA Wellness Plan shall mean when a Plan Sponsor has chosen to pay the Plan Administrator to grant access to the Plan for its employees (Named Members) and their eligible family members (Covered Members). The specific Benefit Categories and duration of coverage are defined by a separate agreement (“Agreement”) between the Plan Sponsor and Plan Administrator. If there is a discrepancy between these Terms and Conditions and that Agreement between a Plan Sponsor and the Plan Administrator, the Agreement shall prevail.
    2. Descriptions/Exclusions/Conditions that apply to both Plans
      1. MSA Wellness Plan
        1. Term - this Plan is funded by a Plan Sponsor and coverage begins and ends based upon the specific terms of the Agreement between the Plan Sponsor and Plan Administrator.
        2. Benefits - The specific scope of services provided with an MSA Wellness Plan is defined by the Agreement between the Plan Sponsor and Plan Administrator.
      2. My Secure Advantage Plan
        1. Term - this Plan is funded by a Self-Paying Member and coverage begins on the day that a payment from the Self-Paying Member is received by the Plan Administrator. Coverage continues on a month-to-month basis and ends when terminated by the Plan Administrator, the Self-Paying Member or the Plan Sponsor (if applicable).
        2. Benefits specific to the My Secure Advantage Plan’s Self-Paying Members are detailed in Section D below.
        3. Cancellation of Self-Paying Member’s Plan: The Plan Administrator, in its sole discretion, reserves the right to cancel a Self-Paying Member’s Plan for any reason, including either fraud or non-payment of membership fees. The Self-Paying Member may cancel their Plan at any time by giving written notice to the Plan Administrator.
      3. Professional Judgment of the Money Coach or Fraud Resolution Specialist: The Plan Administrator will in no way influence or attempt to affect the rendering of eligible services by a Money Coach or FRS. The Money Coach and FRS will provide objective and independent financial coaching and ID theft recovery advice to the best of his or her ability. In addition, if the Money Coach or FRS makes the decision that it is not in the best interests of Plan Administrator to advise/pursue a matter/claim on behalf of the member, then all services may be immediately terminated in the sole discretion of the Money Coach or FRS.
      4. Professional Judgment of a Third Party Provider: The Third Party Provider has the sole right to determine (in his or her professional judgment) whether or not a claim or defense under any Benefit Category constitutes a frivolous or otherwise unmeritorious claim or defense. This includes decisions to appeal any judgment or decision. Further:
        1. The Third Party Provider reserves the right to make independent professional judgments regarding the presentation of same.
        2. The Plan Administrator will in no way influence or attempt to affect the rendering of eligible services by a Third Party Provider.
        3. Any errors and omissions of a Third Party Provider are his or her sole responsibility. No such liability will be assumed or incurred by either the Plan Administrator or the Plan Sponsor.
      5. Membership Fees
        1. MSA Wellness Plan - membership fees for this Plan are paid by the Member’s Plan Sponsor and are governed by a Master Services Agreement between Plan Administrator and Plan Sponsor.
        2. My Secure Advantage Plan - membership fees for this Plan are paid by the Member and are governed by the conditions of Section D. of these Terms and Conditions.
      6. Excluded Costs: Fines, court costs, penalties, expert witness fees, bonds, bail bonds, fees established by state statute and other such out-of-pocket expenses are not covered by the benefits described in this Agreement. Any such costs will need to be paid by the Named Member and Covered Member under the terms of the Attorney or Accountant or Mediator-Client Contract described in Section 9 below.
      7. Attorney or Accountant or Mediator-Client Contract: All legal and accounting services shall be subject to terms of an Attorney or Accountant or Mediator-Client Contract to be executed by the Member prior to the time services are rendered. Said contract shall require payments by the Member to the Third Party Provider for any anticipated out-of-pocket costs, plus a retainer that covers all reasonably anticipated legal services not covered by the Agreement.  Appropriate dollar amounts for said retainer and any anticipated out-of-pocket costs shall be determined by the Third Party Provider (in his or her sole discretion). The Member will not be eligible to receive his or her requested benefit unless and until such payments have been made.
      8. Exclusions Applicable to All Benefit Categories - the following financial or legal matters and services are specifically excluded from coverage under any of the benefit categories described in any Agreement or in these Terms and Conditions:
        1. Services Available Under Other Plans or Forms of Insurance: Any financial or legal service that is available to the Member under another plan or form of insurance, unless such plan or form of insurance permits subrogation rights and/or third party indemnification.
        2. Actions Involving Other Parties: Any legal matter involving an adversarial relationship between or among the parties, including, but is not limited to, the Member, the Plan Sponsor, the Plan Administrator and any Third Party Provider(s).
        3. Actions Involving Employment: Any actions arising from the Member’s employment.
        4. Class Action Lawsuits and Similar Actions: Class actions, interventions, appeals or amicus curiae filings.
        5. Conflicts of Interest: Any matter or service that is found by the Third Party Provider to be in conflict of interest with his or her practice.
        6. Frivolous or Groundless Claims: Any claim or defense which is deemed by a Third Party Provider (at his or her sole discretion) to be frivolous or groundless.
        7. Respondeat Superior: A Member may not receive coverage solely as a result of the doctrine of Respondeat Superior.
        8. Issues involving Professional Licensing and Codes of Ethics: Any matter or service which might subject the professional provider to either ethical considerations or licensing concerns.
        9. Payments to Third Party Providers: When it is determined by the Member, with the assistance of the staff Money Coach, that outside services are necessary, the Covered Member shall contract directly with the Third Party Provider and shall pay for all professional services fees and costs directly to the Third Party Provider and shall be solely responsible for payment. All such fees and costs shall be non-refundable.
      9. Miscellaneous
        1. Complaint Resolution: Should the Member at any time have a complaint with or concern regarding the services provided by staff or a professional provider, the Member may call or send a written notice to the Plan Administrator. The Plan Administrator may contact the Member for additional information, as well as, the staff Money Coach or the Third Party Provider for input, within five (5) business days of receipt of the notice.  The Plan Administrator will attempt to resolve the complaint within thirty (30) days or less of the notice.  The Member will be advised throughout the process of the steps being taken to resolve the matter, via telephone, email or an acceptable means of communication to the Member.  The Member expressly waives all matters of confidentiality for purposes of investigating and resolving any complaints or concerns.
        2. Binding Arbitration: In the event that any controversy or claim arises between the Named Member, Covered Member, the Plan Administrator, any Money Coach, or any combination thereof, which is pursuant to these Terms and Conditions or pertains to services rendered under the My Secure Advantage Program which cannot be resolved by mutual agreement between the disputing parties, then such controversy or claim shall be submitted for settlement by binding arbitration in accordance with the then-current rules of the American Arbitration Association as full recourse between the disputing parties.
          1. The arbitrator(s) shall have the power to decide any dispute between the parties concerning the application or interpretation of these Terms and Conditions or the rendering of any service under the My Secure Advantage Program.  Any such decision rendered by the arbitrator(s) shall be final and binding upon all parties, but said arbitrator(s) shall have no power to change or add to the provisions of these Terms and Conditions or the rendering of services under the My Secure Advantage Program.
          2. If such arbitration includes the Plan Administrator, a Money Coach, or any employee of CLC, the location of the arbitration shall be Roseville, California. Prior to the beginning of the arbitration, each disputing party shall pay an equal share of the estimated cost of arbitration.
        3. Integration: These Terms and Conditions represent the entire agreement between the Plan Administrator and the Self-Paying Member and supersede any advertisements, letters, articles, or written or oral statements, which pre-date or were made contemporaneously with these Terms and Conditions.
        4. Severance Clauses: If any section of these Terms and Conditions is deemed null and void, such section shall be severed and shall not affect the validity of the rest of these Terms and Conditions.
        5. Out-of-Network Services: Nothing herein shall prevent a Member, at his or her own expense, from hiring the services of any other money coach, financial consultant, or any other professional outside of the My Secure Advantage Program and it is understood that such services shall be outside of the benefits provided under this the My Secure Advantage Program.
        6. Emails and Newsletters: There are four types of email the Member will receive from My Secure Advantage;
          1. System emails which include calendar reminders and other system generated notices vital to your communication with your Money Coach. These emails you cannot opt-out of.
          2. Newsletters, financial and ID theft “tips,” and webinar notifications are sent periodically to all Members. At the bottom of all of the newsletters is an opt-out link.
          3. Emails to the Member from their Money Coach or Fraud Resolution Specialist - these emails are to facilitate communication about the Member’s financial circumstances and may include forms and templates for the Member’s use.
          4. For Members with an Identity Monitoring benefit, the system will generate email notifications of potentially suspicious activities related to identity theft. You cannot opt-out of these emails.
    3. Security
      1. Data Security: The MSA Website uses SSL-encryption technology when transferring and receiving member data. This same level of encryption is used if Member information is transferred to an affiliate’s website.  We have employed reliable encryption services to protect against the loss, misuse, or alteration of information that has been collected from members.  The servers that store personally identifiable information on are kept in a secure environment.  We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. 
        These include daily malware scanning, PCI compliant network vulnerability scans, regular network penetration testing, internal reviews of data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where personal data are stored. We restrict access to personal information to employees, contractors and agents who need to know that information in order to operate, develop or improve our services.  These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

        Although we strive to have to have the best security, perfect security is unattainable; you understand and agree that there is a certain intrinsic risk in transmitting data over the internet.

      2. Hosting Provider

        Overview

        MySecureAdvantage.com uses Amazon AWS Elastic Compute Cloud (EC2) hosting environments. Security within Amazon EC2 is provided on multiple levels; the operating system (OS) of the host system, the virtual instance operating system or guest OS, a stateful firewall and signed API calls. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

        • ISO 27001
        • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
        • PCI Level 1
        • FISMA Moderate
        • Sarbanes-Oxley (SOX)

        For a complete breakdown of Amazon hosting security processes please refer to: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

        Host Operating System

        AWS administrators are required to use their individual cryptographically strong SSH keys to gain access to a bastion host. These bastion hosts are specifically built systems that are designed and configured to protect the management plane of the cloud. Once connected to the bastion, authorized administrators are able to use a privilege escalation command to gain access to an individual host. All such accesses are logged and routinely audited. When an AWS employee no longer has a business need to administer EC2 hosts, their privileges on and access to the bastion hosts are revoked.

        Guest Operating System

        Virtual instances are completely controlled by the customer. They have full root access and all administrative control over additional accounts, services, and applications. AWS administrators do not have access to customer instances, and cannot log into the guest OS. Customers should disable password-based access to their hosts and utilize token or key-based authentication to gain access to unprivileged accounts. Further, customers should employ a privilege escalation mechanism with logging on a per-user basis. For example, if the guest OS is Linux, utilize SSH with keys to access the virtual instance, enable shell command-line logging, and use the 'sudo' utility for privilege escalation. Customers should generate their own key pairs in order to guarantee that they are unique, and not shared with other customers or with AWS.

        Firewall

        Amazon EC2 provides a complete firewall solution; this mandatory inbound firewall is configured in a default deny mode and the Amazon EC2 customer must explicitly open any ports to allow inbound traffic. The traffic may be restricted by protocol, by service port, as well as by source IP address (individual IP or CIDR block).

        The firewall can be configured in groups permitting different classes of instances to have different rules, for example the case of a traditional three-tiered web application. The group for the web servers would have port 80 (HTTP) and port 443 (HTTPS) open to the world. The group for the application servers would have port 8000 (application specific) accessible only to the web server group. The group for the database servers would have port 3306 (MySQL) open only to the application server group. All three groups would permit administrative access on port 22 (SSH), but only from the customer's corporate network. Highly secure applications can be deployed using this expressive mechanism.

        The firewall is controlled not by the host/instance itself, but requires the customer's X.509 certificate and key to authorize changes, thus adding an extra layer of security. Within EC2, the host administrator and cloud administrator can be separate people, permitting two man rule security policies to be enforced. In addition, AWS encourages customers to apply additional per-instance filters with host-based firewalls such as IPtables. This can restrict both inbound and outbound traffic on each instance.

        The level of security afforded by the firewall is a function of which ports are opened by the customer, and for what duration and purpose. The default state is to deny all incoming traffic, and developers should plan carefully what they will open when building and securing their applications. Well-informed traffic management and security design is still required on a per-instance basis.

        API

        Calls to launch and terminate instances, change firewall parameters, and perform other functions are all signed by an X.509 certificate or the customer's Amazon Secret Access Key. Without access to the customer's Secret Access Key or X.509 certificate, Amazon EC2 API calls cannot be made on their behalf. In addition, API calls can be encrypted in transit with SSL to maintain confidentiality. Amazon recommends always using SSL-protected API endpoints.

        The Hypervisor

        Amazon EC2 currently utilizes a highly customized version of the Xen hypervisor, taking advantage of paravirtualization. Because paravirtualized guests rely on the hypervisor to provide support for operations that normally require privileged access, it is possible to run the guest OS with no elevated access to the CPU. This explicit virtualization of the physical resources leads to a clear separation between guest and hypervisor, resulting in strong security separation between the two.

        Instance Isolation

        Different instances running on the same physical machine are isolated from each other utilizing the Xen hypervisor. Amazon is an active participant and contributor within the Xen community, which ensures awareness of potential pending issues. In addition, the aforementioned firewall resides within the hypervisor layer, between the physical interface and the instance's virtual interface. All packets must pass through this layer, thus an instance's neighbors have no additional access to that instance, and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms.

        Customer instances have no access to raw disk devices, but instead are presented with virtualized disks. The AWS proprietary disk virtualization layer automatically wipes every block of storage used by the customer, and guarantees that one customer's data is never exposed to another. Note that unintentionally leaving data on disk devices is only one possible breach of confidentiality; many others exist, and for this reason AWS recommends that customers further protect their data using appropriate means. One common solution is to run an encrypted file system on top of the virtualized disk device.

        Network Security

        The Amazon AWS network provides significant protection against traditional network security issues and further protection is added as new threats rise. A few of these threats and how they are averted is described below.

        Distributed Denial Of Service (DDoS) Attacks

        AWS API endpoints are hosted on the same Internet-scale, world class infrastructure that supports the Amazon.com retail site. Standard DDoS mitigation techniques such as syn cookies and connection limiting are used. To further mitigate the effect of potential DDoS attacks, Amazon maintains internal bandwidth which exceeds its provider-supplied Internet bandwidth.

        Man In the Middle (MITM) Attacks

        All of the AWS APIs are available via SSL-protected endpoints which provides server authentication. Amazon EC2 AMIs automatically generates new SSH host keys on first boot and log them to the console. Customers can then use the secure APIs to call the console and access the host keys before logging into the instance for the first time. Customers are encouraged to use the SSL endpoints for all of their interactions with AWS.

        IP Spoofing

        Amazon EC2 instances cannot send spoofed traffic. The Amazon -controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.

        Port Scanning

        Port scans by Amazon EC2 customers are a violation of the Amazon EC2 Acceptable Use Policy (AUP). Violations of the AUP are taken seriously, and every reported violation is investigated. When Port scanning is detected it is stopped and blocked. Port scans of Amazon EC2 instances are generally ineffective because, by default, all inbound ports on Amazon EC2 instances are closed.

        The customer's strict management of security groups can further mitigate the threat of port scans. If the customer configures the security group to allow traffic from any source to a specific port, then that specific port will be vulnerable to a port scan. In these cases, the customer must use appropriate security measures to protect listening services that may be essential to their application from being discovered by an unauthorized port scan. For example, a web server must clearly have port 80 (HTTP) open to the world, and the administrator of this server is responsible for ensuring the security of the HTTP server software, such as Apache.

        Packet Sniffing By Other Tenants

        It is not possible for a virtual instance running in promiscuous mode to receive or "sniff" traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. This includes two virtual instances that are owned by the same customer, even if they are located on the same physical host. Attacks such as ARP cache poisoning do not work within EC2. While Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to view another's data, as a standard practice customers should encrypt sensitive traffic.

        Physical Security

        AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.

        AWS data centers has automatic fire detection and suppression equipment, redundant electrical power systems, climate and temperature controls.

        When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices

        Access to the Hosting Provider

        MSA connects to the Amazon EC2 environments through a virtual private cloud (VPC) with a public subnet and a private subnet. This allows MSA to run a public-facing web application, while maintaining back-end servers that aren't publicly accessible.

        The instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet can't. The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can't. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) instance that is launched into the public subnet.

        Configuration Security

        AWS provides two features to increase security in the VPC: security groups and network ACLs. Both features enable control of the inbound and outbound traffic for the instances, but security groups work at the instance level, while network ACLs work at the subnet level. Both security groups and network ACLs are used to provide an additional layer of security.

         Information Collected: In order to provide Members with the MSA Wellness Plan and the My Secure Advantage Plan two types of information may be collected: Personally Identifiable Information and Non-Personally Identifiable Information.

      3. Employer Provided Benefit: Your employer may not have independently verified the security of the MSA Website. By using the MSA Website, you agree that your employer is not responsible for any security breach to the MSA Website, and agree to indemnify and hold harmless your employer, employer’s affiliates, officers, directors, and employees from and against all losses, damages, liabilities, deficiencies, actions, judgements, costs, or expenses of whatever kind arising out of, or resulting from, any security breach of the MSA Website.
      4. Password Management: To protect your MySecureAdvantage Account, keep your password confidential. You are responsible for managing the security of your password and the resulting activity that happens on or through your MySecureAdvantage Account should your password be compromised. Try not to reuse your password on third-party applications. If you learn of any unauthorized use of your password or MySecureAdvantage Account please go to your account and change your password. Please notify MySecureAdvantage by calling 888-724-2326.
    4. My Secure Advantage Plan - benefits description for Self-Paying Members
      1. Financial Coaching: Members will have unlimited access to a personal Money Coach to work with on an on-going basis. The personal Money Coach will help the member identify personal financial goals, assess the Member’s financial situation and provide a suggested action plan to accomplish those goals.  Financial coaching sessions are by appointment as requested by the Member and are at times mutually agreed to by both the Member and the personal Money Coach.  The duration of each consultation is typically 30 minutes per session.  The Money Coach may determine that a longer session is necessary.  The frequency of sessions is determined by the Money Coach based upon the progress made during each session.  Either the Money Coach or Plan Administrator shall retain absolute discretion to end consultation on any issue where continued consultation will not serve the best interests of the Member.
      2. ID Theft Monitoring/Fraud Resolution:
        1. Identity Monitoring: Members may choose to enroll in identity monitoring service Once enrolled, the Member’s information is monitored across a network of companies who utilize out of wallet knowledge-based authentication questions to verify an identity during a transaction.  The Member will receive a real-time alert via the email on record when the out of wallet knowledge-based authentication questions have been activated.
        2. Fraud Resolution Services: The Member whose identity has been compromised will receive unlimited access to a Fraud Resolution Specialists (FRS) who will address and assist in the effort to repair the Member’s identity. Comprehensive identity recovery services include, but are not limited to, working with creditors, collection companies, collection law firms and credit reporting agencies.  At the option of the Member, the FRS will serve as a personal advocate in representing the Member in disputing and clearing up fraudulent or incorrect claims and credit records.
        3. Identity Fraud Expense Reimbursement Coverage and Unauthorized Electronic Funds Transfers reimbursement - ID Protect provides up to a total of $1,000,000* in Unauthorized Electronic Funds Transfers” (UEFT) reimbursement, which includes up to $25,000* in ID Theft Fraud Expense Reimbursement Coverage for certain expenses incurred in reclaiming the Member’s identity, with a zero deductible.
          1. ID Fraud Expense Reimbursement Coverage
            1. Summary: This Summary is provided to inform the Member of the My Secure Advantage™ Plan, that they are entitled to benefits under the Certificate of Insurance. This Summary Description of Benefits does not state all the terms, conditions, and exclusions of the Certificate of Insurance.  The Member’s benefits will be subject to all of the terms, conditions, and exclusions of the Master Certificate of Insurance, even if they are not mentioned in this Summary.  A complete copy of the Certificate of Insurance will be provided upon request.

              The Master Policy (“Identity Fraud” Expense Coverage) has been issued to: CLC Incorporated (the “Master Policy Holder”) to provide benefits as described in this Summary.

            2. Includes, subject to limitation:
              1. Lost wages as a result of time taken off from work to reestablish identity (up to $500 per week for a maximum of four weeks).
              2. Notary and certified mailing costs for completing and delivering fraud affidavits.
              3. Long distance phone calls associated with reporting an identity theft and/or reestablishing a victim’s identity.
              4. Attorney fees incurred (with prior consent) from the insurer for:
                1. Defending suits brought incorrectly by merchants, creditors or collection agencies.
                2. Removing civil judgments and/or criminal convictions wrongly entered against the victim.
          2. Unauthorized Electronic Funds Transfers (UEFT) reimbursement includes, subject to limitations:
            1. Unauthorized transfers from a Member’s personal (non business) deposit account initiated by someone other than the Member and without the Member’s permission.
            2. UEFT covers personal checking, savings and money market accounts, both inside and outside of retirement accounts.
          3. Filing a Claim - To file a claim under the Certificate of Insurance, call 1-888-724-2326, Monday through Friday between the hours of 6:00 am and 8:00 pm PT.

            *Identity theft insurance underwritten by subsidiaries or affiliates of American International Group, Inc.  The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described.  Please refer to the actual policies for terms, conditions, and exclusions of coverage.  Coverage may not be available in all jurisdictions.

          4. Exclusions and Limitations
            1. For more information on UEFT reimbursement and ID Theft Fraud Expense Reimbursement coverage, and exclusions, please contact the ID Protect Division Manager.  Coverage is provided under the Master Policy issued to CLC Incorporated.
            2. Coverage is subject to all of the terms and conditions and limitations of the Master Identity Fraud Reimbursement Expense policy.
            3. UEFT coverage specifically excludes certain accounts and acts. There is no coverage for business accounts of any nature.  Members must have first sought reimbursement from the financial institution that issued access and held the funds that were stolen and from which the member has not received reimbursement from any source.
      3. MSA Website: The Member will have access to a secure, private MSA website that is a collaborative tool for coaching, which may include highlights and suggestions from the Member’s personal Money Coach. The Member can dictate what information, if any, is shared with their personal Money Coach on the MSA website. The Plan features accessible through the Website include:
        1. MSA Wallet: Personal Financial Management software that will allow Members to track their banking and investment activity across all of their financial accounts. MSA Wallet will allow the Member to set spending and savings goals and provide alerts or notices that may be electronically communicated to the Member.  The Member dictates what information, if any, is shared with their personal Money Coach in the MSA Wallet application.
        2. Online financial calculators with financial articles
        3. Access to self-help legal forms
        4. On-demand learning through education and instructional videos
      4. Access Legal/Mediation: Each Member is entitled to one (1) initial sixty-minute office or telephone consultation at no cost with a network attorney or mediator. In the event that the Member wish to retain a participating attorney or mediator after the initial consultation, the Member will be provided with a preferred rate reduction of 25% from the attorney's normal hourly or fixed fee rate.
      5. Membership Fees: Monthly membership fees shall be paid by (1) by payroll deduction and paid through the Named Member’s Employer/former Plan Sponsor, (2) a debit by electronic funds transfer, such as ACH or bank account payments, or (3) by a charge to the Member’s credit/debit card.
      6. Changes to Benefits and/or Membership Fees: Unless otherwise defined by an Agreement between the Plan Administrator and a Plan Sponsor, the Plan Administrator reserves the right to replace vendors, change benefits and/or membership fees at any time. In such event, the Member and Plan Sponsor (if applicable) shall receive no less than thirty (30) days advance notice of the effective date of any changes.
      7. Terms of Self-Payment

        At the conclusion of the Member’s initial employer-paid benefit period, the Member has the option of continuing to work with their Money Coach as part of this program under a self-pay arrangement (Self-Paying Member) at the rate of $39.95 per month.  The Self-Paying Member will be the sole arbiter of how long they continue working with their Money Coach under this self-pay arrangement.  There are three options for processing payment: Authorized Payroll Deduction, Bank Account Debit, or Credit Card.

        1. Authorized Payroll Deductions - This form of payment is only available to Named Members whose Plan Sponsor offers payroll deductions as an option. When Payroll Deduction is chosen by a Self-Paying Member as his or her payment method, the Self-Paying Member accepts and agrees to these Terms and Conditions.

          Payroll deductions may be made to the Plan Administrator for those Named Members who elect to continue with the My Secure Advantage Program by becoming Self-Paying Members.  The Self-Paying Member will authorize a payroll deduction by digital impression from a recorded phone conversation with a CLC/MSA representative.  Payroll deductions, based on the periodic payment schedule of employees, will take place such that the total sum deducted in any one month of payroll will not exceed $39.95.  Payroll deductions shall continue until the Plan Sponsor’s human resource or payroll department is notified in writing by the Plan Administrator or the Self-Paying Member to discontinue the deductions.  The Plan Administrator will submit monthly identification data in a separate digital file for authorizing Self-Paying Members in a format acceptable to the Plan Sponsor.  The Plan Sponsor will provide to the Plan Administrator the contact information and data needed to facilitate the payroll deduction process.

          Authorized Payroll Deductions are not available to Covered Members or memberships purchased directly from CLC.

        2. BANK ACCOUNT DEBIT (ACH - Automated Clearing House) When Debit to the Self-Paying Member’s Bank Account is chosen by a Self-Paying Member as his or her payment method, the Self-Paying Member accepts and agrees to these Terms and Conditions.
          1. Bank Account Payments. By choosing to use a bank account as a payment method, the Self-Paying Member will be able to complete his or her purchase using any valid automated clearing house ("ACH") enabled bank account at a United States-based financial institution.  By doing so, the Self-Paying Member is authorizing the Plan Administrator to debit their bank account for the total amount of the purchase (including applicable taxes, fees and shipping costs).  To complete the transaction, the Plan Administrator, or an agent acting on its behalf, will create an electronic funds transfer or bank draft, which will be presented to the Self-Paying Member’s  bank or financial institution for payment from Self-Paying Member’s bank account.  The transaction must be payable in U.S. dollars.  The Plan Administrator, in its sole discretion, may refuse this payment option service to anyone or any user without notice for any reason at any time.
          2. Electronic Signature and ACH Authorization. By choosing your bank account as your payment method, the Self-Paying Member agrees that:
            1. he or she has read, understands and agrees to these Terms and Conditions, and that such agreement constitutes a "writing signed by you" under any applicable law or regulation,
            2. he or she consents to the electronic delivery of the disclosures contained in these Terms and Conditions,
            3. he or she authorizes the Plan Administrator (or its agent) to make any inquiries it considers necessary to validate the Self-Paying Member’s dispute, which may include ordering a credit report and performing other credit checks or verifying the information provided against third party databases, and
            4. He or she authorizes the Plan Administrator (or its agent) to initiate one or more ACH debit entries (withdrawals) for the specified amount(s) from the Self-Paying Member’s bank account, and the Self-Paying Member authorizes the financial institution that holds his or her bank account to deduct such payments.
          3. Returned Payments.  If any payments are returned unpaid, the Plan Administrator reserves the right to charge the Self-Paying Member a returned item fee of twenty-five dollars ($25.00) or the maximum amount allowed by law, which may be added to the Self-Paying Member’s payment amount and debited from his or her bank account if the Plan Administrator re-submits an ACH debit due to insufficient funds.  The Plan Administrator may initiate a collection process or legal action to collect unpaid fees.  Self-Paying Member agrees to pay all of the Plan Administrator’s costs for such action, including any reasonable attorneys' fees.
          4. Customer Service. All questions relating to My Secure Advantage™ orders or any payments made using Self-Paying Member’s bank account should be directed to the Plan Administrator, and not to the financial institution that holds the Self-Paying Member’s bank account.  The Plan Administrator may be contacted regarding a Self-Paying Member’s My Secure Advantage™ order or any payments made using his or her bank account by calling the Plan Administrator at 1-888-724-2326.
          5. Error Resolution Policy. If a Self-Paying Member believes that any payment transaction initiated by the Plan Administrator (or its agent) with respect to his or her bank account is erroneous, or if the Self-Paying Member needs more information about any such transaction, he or she should contact the Plan Administrator as soon as possible by telephone or email using the telephone number or email address provided in Section 4 of these Terms and Conditions.  In any event, the Plan Administrator must hear from the Self-Paying Member no later than 90 days after the date the questionable transaction FIRST appeared on the Self-Paying Member’s bank account statement.  When contacting Plan Administrator, provide the following information:
            1. Self-Paying Member’s name and the email address associated with the Self-Paying Member’s My Secure Advantage™ customer account,
            2. a description of the error or the transfer Self-Paying Member is unsure about, and a clear explanation as to what is believed to be in error or why more information is needed,
            3. the dollar amount of the suspected error,
            4. the transaction date and associated transaction identification number from Self-Paying Member’s bank account statement,
            5. a telephone number at which the Self-Paying Member can be reached in case the Plan Administrator needs further information,
            6. the telephone number of the bank, and
            7. that portion of Self-Paying Member’s bank account statement containing the My Secure Advantage transaction information (if requested).
            8. If the information is provided to Plan Administrator orally, the Plan Administrator may require that the complaint or question be sent to the Plan Administrator in writing within ten (10) business days. A "Business Day" means Monday through Friday, excluding federal banking holidays.
          6. Our Liability. If the Plan Administrator fails to debit the Self-Paying Member’s bank account in accordance with these Terms and Conditions, in the correct amount, it may be liable for certain losses directly caused by its failure as the law may impose in such cases.  However, the Plan Administrator will not be liable where:
            1. the Self-Paying Member do not have enough money in their bank account;
            2. Self-Paying Member’s bank account is closed or withdrawals restricted;
            3. any terminal or system was not working properly and the Self-Paying Member was advised of that before he or she initiated the payment;
            4. circumstances beyond the Plan Administrator’s control (such as flood, fire, power outages, mechanical or system failures);
            5. Self-Paying Member’s financial institution refuses to honor an ACH debit;
            6. the Self-Paying Member’s instructions were lost or delayed in transmission to the Plan Administrator;
            7. a reasonable security concern, such as unauthorized use, causes the Plan Administrator not to honor the Self-Paying Member’s instructions;
            8. this payment option has been discontinued or suspended;
            9. the Plan Administrator advised the Self-Paying Member that their request would not be processed; and
            10. other exceptions allowed by law. If the Plan Administrator’s error was unintentional and resulted from a bona fide error, its liability is limited to actual damages, which shall not to exceed the total sum of those charges deducted from the Self-Paying Member’s account in error.
        3. CREDIT CARD PAYMENTS

          When a charge to the Self-Paying Member’s Credit Card is chosen by a Self-Paying Member as his or her payment method, the Self-Paying Member accepts and agrees to these Terms and Conditions.

          1. By choosing this payment method the Self-Paying Member will be able to complete his or her purchase using any valid Visa, MasterCard, American Express, or Discover account. Whenever the Self-Paying Member chooses to pay for an order using their credit card, he or she is authorizing the Plan Administrator to charge their credit card for the total amount of purchase, which includes monthly charges or other recurring charges.  To complete the transaction, the Plan Administrator, or an agent acting on its behalf, will create a credit card charge equal to the Self-Paying Member’s "Purchase Total", which will be presented to his or her credit card account.  The transaction must be payable in U.S. dollars. The Plan Administrator, in its sole discretion, may refuse this payment option service to anyone or any user without notice for any reason at any time.
          2. Electronic Signature. By choosing your credit card as your payment method, the Self-Paying Member agrees that:
            1. he or she has read, understands and agree to these Terms and Conditions, and that such agreement constitutes a "writing signed by you" under any applicable law or regulation,
            2. he or she consents to the electronic delivery of the disclosures contained in these Terms and Conditions,
            3. he or she authorizes the Plan Administrator (or its agent) to make any inquiries it considers necessary to validate Self-Paying Member’s dispute, which may include ordering a credit report and performing other credit checks or verifying the information provided against third party databases, and
            4. he or she authorizes the Plan Administrator (or its agent) to initiate one or more credit card charges for the specified amount(s).
          3. Returned Payments. If any payments are returned unpaid, the Plan Administrator reserves the right to charge the Self-Paying Member an insufficient funds fee of twenty-five dollars ($25.00).
          4. Customer Service. All questions relating to My Secure Advantage™ orders or any payments made using the Self-Paying Member’s credit card should be directed to the Plan Administrator, and not to the Self-Paying Member’s credit card company.  My Secure Advantage™ 1-888-724-2326 will show up on the Self-Paying Member’s credit card descriptor.  The Self-Paying Member may contact the Plan Administrator regarding his or her My Secure Advantage™ order or any payments made using his or her credit card by calling us at 1-888-724-2326.
          5. Error Resolution Policy. If a Self-Paying Member believes that any payment transaction initiated by the Plan Administrator (or its agent) with respect to his or her credit card is erroneous, or if the Self-Paying Member needs more information about any such transaction, he or she should contact the Plan Administrator as soon as possible by telephone or email using the telephone number or email address provided in section (4) of these Terms and Conditions.  In any event, the Plan Administrator must hear from the Self-Paying Member no later than 90 days after the date the questionable transaction FIRST appeared on the Self-Paying Member’s credit card account statement.  When contacting the Plan Administrator, provide us with the following information:
            1. Self-Paying Member’s name and the email address associated with their My Secure Advantage™ customer account,
            2. a description of the error or the payment the Self-Paying Member unsure about, and a clear explanation as to what is believed to be in error or why more information is needed,
            3. the dollar amount of the suspected error,
            4. the transaction date and associated transaction identification number from Self-Paying Member’s credit card account statement,
            5. a telephone number at which the Self-Paying Member can be reached in case the Plan Administrator needs further information,
            6. the telephone number of the credit card company, and
            7. that portion of Self-Paying Member’s credit card account statement containing the My Secure Advantage™ transaction information (if requested)
            8. If the information is provided to the Plan Administrator orally, the Plan Administrator may require that the complaint or question be sent to the Plan Administrator in writing within ten (10) business days. A "business day" means Monday through Friday, excluding federal banking holidays.
          6. Our Liability. If the Plan Administrator fails to charge the Self-Paying Member’s credit card account in accordance with these Terms and Conditions, in the correct amount, it may be liable for certain losses directly caused by our failure as the law may impose in such cases.  However, the Plan Administrator will not be liable where:
            1. the Self-Paying Member’s credit card returns as insufficient funds;
            2. the Self-Paying Member’s credit card account is closed or charges restricted;
            3. any terminal or system was not working properly and the Self-Paying Member was advised of that before he or she initiated the payment;
            4. circumstances beyond the Plan Administrator’s control (such as flood, fire, power outages, mechanical or system failures);
            5. Self-Paying Member’s credit card company refuses to honor the transaction;
            6. the Self-Paying Member’s instructions are lost or delayed in transmission to us;
            7. a reasonable security concern, such as unauthorized use, causes the Plan Administrator not to honor the Self-Paying Member’s instructions;
            8. this payment option has been discontinued or suspended;
            9. the Plan Administrator advised the Self-Paying Member that their request would not be processed; and
            10. other exceptions allowed by law. If the Plan Administrator’s error was unintentional and resulted from a bona fide error, its liability is limited to actual damages, which shall not to exceed the total sum of those charges deducted from Self-Paying Member’s credit card account in error.
        4. CANCELLATION POLICY

          The Self-Paying Member may cancel his or her membership at any time by calling us at 1-888-724-2326 and ask for an MSA Representative.  For any such cancellations, the following rules apply:

          1. Definitions
            1. Billing Day: The same day each month as the enrollment date. For example, if the enrollment date = June 5, the billing day in subsequent months = July 5, August 5, September 5, and so on.
            2. Billing Month: A one-month period that commences on the billing day and ends on the day before the next billing day. For example, if the enrollment date is June 5, the billing months would be as follows:
              1. Billing month 1 = June 5 - July 4
              2. Billing month 2 = July 5 - August 4
              3. Billing month 3 = August 5 - September 4
              4. And so on.
            3. Billing Period: The period of time that corresponds with your billing frequency:
              1. Monthly = 1 billing month
              2. Quarterly = 3 billing months
              3. Annually = 12 billing months
          2. Rules
            1. Cancellations within the first five (5) calendar days of the billing period: If you cancel within (5) days of the start of your billing period, you are entitled to a full refund for that billing month, and all future billing months, in your billing period (for which you have paid).
            2. Cancellations six (6) or more calendar days after start of billing period: If you cancel (6) days or more after the start of your billing period, you will receive a full refund for all subsequent billing months remaining in the billing period (for which you have paid). You will be entitled to full identity theft benefits during the billing month in which the cancellation notice is received by Plan Administrator.