As the world becomes more and more digital, online payments have become the norm, even in the insurance world. However, with the convenience of online transactions come risks. It’s important for organizations to ensure that their card transactions are secure and compliant with industry standards.
When asked about data security standards and protecting your customers’ payment information, we proudly state that we’re PCI Level 1 compliant. But what exactly does that mean, and why is it so important to you and your business?
Here’s a quick overview of the different PCI DSS levels and what they entail, how we assure Level 1 compliance, and why digital payments can actually be the safest payment solution.
What is PCI DSS Compliance?
PCI compliance refers to adhering to the Payment Card Industry Data Security Standards (PCI DSS), a set of security requirements created to protect cardholder data and prevent data breaches. These standards apply to any organization that accepts, processes, stores, or transmits credit card information.
There are several levels of compliance, mostly determined by the number of transactions an organization handles each year. Because ePayPolicy is in the Level 1 (highest) tier, we must follow the strictest data security protocols as defined by PCI DSS.
PCI DSS requires us to validate our compliance through:
- An annual audit of our PCI DSS compliance by a third-party Qualified Security Assessor (QSA)
- A monthly network scan by an Approved Scanning Vendor (ASV)
- A penetration test of our network and application
- Internal scans
At ePayPolicy, we also use tokenization, a process by which the primary account number (PAN) is replaced with a surrogate value called a token. Tokenizing instead of storing PANs is a key technology that secures cardholder data and reduces the risk of data breaches, thereby helping to prevent financial loss, identity theft and reputational damage.
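To make the tokenization idea concrete, here is a small added example (not ePayPolicy’s code, and not a description of how its platform is built). It assumes a hypothetical in-memory token vault: the PAN is checked for plausibility, swapped for a random token that cannot be reversed without the vault, and only a privileged role (assumed here to be "settlement") may look the PAN back up. Downstream records keep only the token and the last four digits, so a leak of those records exposes no card number. The card number used is the well-known test value 4111 1111 1111 1111, not a real account.

```python
import re
import secrets

# Luhn check: a cheap sanity test that a string is a plausible card number.
def luhn_valid(pan: str) -> bool:
    digits = [int(d) for d in pan]
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:      # every second digit, counted from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical in-memory vault. In a real deployment this mapping would
    live inside the segmented cardholder data environment, not in the app."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}   # token -> PAN

    def tokenize(self, raw_pan: str) -> str:
        pan = re.sub(r"\D", "", raw_pan)    # strip spaces/dashes from user input
        if not (13 <= len(pan) <= 19) or not luhn_valid(pan):
            raise ValueError("not a plausible PAN")
        # Token is random, so nothing about the PAN can be derived from it;
        # the same PAN tokenized twice yields two unrelated tokens.
        token = "tok_" + secrets.token_urlsafe(18)
        self._store[token] = pan
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        # Only the role that actually needs the PAN may reverse the token.
        if caller_role != "settlement":
            raise PermissionError("role not allowed to detokenize")
        return self._store[token]


def make_payment_record(vault: TokenVault, raw_pan: str) -> dict:
    """What a merchant/agency system stores: a token and display data only."""
    token = vault.tokenize(raw_pan)
    pan = vault.detokenize(token, "settlement")
    return {"token": token, "last4": pan[-4:], "masked": "**** " + pan[-4:]}


def record_leaks_pan(record: dict, raw_pan: str) -> bool:
    """True if the full PAN appears anywhere in the stored record."""
    pan = re.sub(r"\D", "", raw_pan)
    return any(pan in str(v) for v in record.values())


if __name__ == "__main__":
    vault = TokenVault()
    rec = make_payment_record(vault, "4111 1111 1111 1111")  # constructed test PAN
    print(rec)
    print("PAN present in record:", record_leaks_pan(rec, "4111 1111 1111 1111"))
```

The property worth noticing is the last line: the record a downstream system keeps contains a token and a masked number, so the system is never in possession of the PAN and the scope of what must be protected shrinks to the vault itself.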
Why is PCI Compliance Important?
The same technologies that make everyday business more efficient also make it easier for hackers to access sensitive information.
The Payment Card Industry Security Standards Council explains the seriousness this way: “The breach or theft of cardholder data affects the entire payment card ecosystem. Customers suddenly lose trust in merchants (that’s you) or financial institutions, their credit can be negatively affected — there is enormous personal fallout. Affected merchants and financial institutions lose credibility (and in turn, business).”
We’ve all heard the horrifying stories of major data breaches affecting millions of consumers. But security breaches are not just for big name retailers or credit bureaus. Theft of sensitive financial information can happen to any size or type of business.
Non-compliance with the PCI DSS can also result in fines and penalties from payment card companies, which can be significant. These fines can be issued if the organization is found to be non-compliant during a security assessment, or if a data breach occurs due to non-compliance. In addition to financial penalties, non-compliance can also result in reputational damage and loss of customer trust.
By following PCI requirements, insurance organizations can demonstrate their commitment to protecting customer data and providing a secure payment environment. This can help to build customer trust and loyalty, which is essential in the highly competitive insurance industry.
Secure Your Clients’ Sensitive Information with Digital Payments
As the payment processor, ePayPolicy takes full responsibility for safeguarding the security of all credit/debit card payments on behalf of clients. We’re constantly testing our platform to make sure it’s hack proof.
ePayPolicy is a PCI Level 1 service provider. A service provider is a business entity that isn’t a payment brand, but is directly involved in the processing, storage, or transmission of cardholder data on behalf of another business. In our case, we are a service provider for insurance organizations.
Irene Herman, CEO of Riskguard Insurance and ePay client, says, “People have confidence in us that our system is confidential and private. We let them know, if they are skeptical, that ePayPolicy is PCI Level 1 compliant. The money goes straight into the bank. We don’t even know the client’s account number.”
We certify Level 1 compliance on our end — so you can concentrate on what you do best — delighting your customers and running your business.
If you’re still curious, you can educate yourself about all things PCI DSS compliance here: https://www.pcisecuritystandards.org