Why Does PCI Compliance Matter For Your Insurance Organization?

As the world becomes more and more digital, online payments have become the norm, even in the insurance world. However, with the convenience of online transactions come risks. It’s important for organizations to ensure that their card transactions are secure and compliant with industry standards.

When asked about data security standards and protecting your customers’ payment information, we proudly state we’re PCI Level 1 compliant. But what exactly does that mean, and why is it so important to you and your business?

Here’s a quick overview of the different PCI DSS levels and what they entail, how we assure Level 1 compliance, and why digital payments can actually be the safest payment solution.

What is PCI DSS Compliance?

PCI compliance refers to adhering to the Payment Card Industry Data Security Standards (PCI DSS), a set of security requirements created to protect cardholder data and prevent data breaches. These standards apply to any organization that accepts, processes, stores, or transmits credit card information.

There are several levels of compliance, mostly determined by the number of transactions an organization handles each year. Because ePayPolicy is in the Level 1 (highest) tier, we must follow the strictest data security protocols as defined by PCI DSS.

PCI requires us to validate our PCI DSS compliance through:

  • Annual Audit of our PCI DSS compliance by a third-party Qualified Security Assessor (QSA)
  • Monthly network scan by an Approved Scanning Vendor (ASV)
  • Penetration Test of our Network and Application
  • Internal Scans

At ePayPolicy, we also utilize tokenization, a process by which the primary account number (PAN) is replaced with a surrogate value called a token. Implementing tokenization instead of storing PANs is a key way to secure cardholder data and mitigate the risk of data breaches, which in turn prevents financial loss, identity theft and reputational damage.

Why is PCI Compliance Important?

The same technologies that make everyday business more efficient also make it easier for hackers to access sensitive information.

The Payment Card Industry Security Standards Council explains the seriousness this way: “The breach or theft of cardholder data affects the entire payment card ecosystem. Customers suddenly lose trust in merchants (that’s you) or financial institutions, their credit can be negatively affected — there is enormous personal fallout. Affected merchants and financial institutions lose credibility (and in turn, business).”

We’ve all heard the horrifying stories of major data breaches affecting millions of consumers. But security breaches are not just for big name retailers or credit bureaus. Theft of sensitive financial information can happen to any size or type of business.

Non-compliance with the PCI DSS can also result in fines and penalties from payment card companies, which can be significant. These fines can be issued if the organization is found to be non-compliant during a security assessment, or if a data breach occurs due to non-compliance. In addition to financial penalties, non-compliance can also result in reputational damage and loss of customer trust.

By following PCI requirements, insurance organizations can demonstrate their commitment to protecting customer data and providing a secure payment environment. This can help to build customer trust and loyalty, which is essential in the highly competitive insurance industry.

Secure Your Clients’ Sensitive Information with Digital Payments

As the payment processor, ePayPolicy takes full responsibility for safeguarding the security of all credit/debit card payments on behalf of clients. We’re constantly testing our platform to make sure it’s hack-proof.

ePayPolicy is a PCI Level 1 service provider. A service provider is a business entity that isn’t a payment brand, but is directly involved in the processing, storage, or transmission of cardholder data on behalf of another business. In our case, we are a service provider for insurance organizations.

Irene Herman, CEO of Riskguard Insurance and ePay client says, “People have confidence in us that our system is confidential and private. We let them know, if they are skeptical, that ePayPolicy is PCI Level 1 compliant. The money goes straight into the bank. We don’t even know the client’s account number.”

We certify Level 1 compliance on our end — so you can concentrate on what you do best — delighting your customers and running your business.

If you’re still curious, you can educate yourself about all things PCI DSS compliance here: https://www.pcisecuritystandards.org

Are Paper Checks Putting Your Insureds and Agency At Risk?

Why do people buy insurance? For protection. It’s ironic, then, that paying for insurance could leave them—as well as your agency—exposed. (Spoiler alert: it doesn’t have to.)

We’re referring to the security risks of paper checks. The insured writes a premium check and drops it in the mail. If everything goes right, the check takes a few days to reach your agency. If it doesn’t, the check could end up… who knows where. Once inside the agency, the check has more opportunities to get stuck in a file folder, buried under a pile of mail, or accidentally picked up off someone’s desk. It may turn up weeks or even months later. At that point, the check may no longer be cashable. In fact, you could get charged a “deposit item returned” fee from the bank.

Risks to the Insured

The main problem is not the amount of the check; it’s the information on the check. All someone needs to raid your client’s bank account is the routing and account number. Often enough, they don’t even need the name to write an electronic check from the account. But checks also contain other personally identifying information (PII) that thieves steal to wreak havoc with someone’s finances and credit.

Name and address, both printed on a check, are PII. Some people have even been known to include their driver’s license number or Social Security number on their checks (although that’s highly unlikely for a business account). All of this PII is an open invitation for bad actors. Any enterprising imposter can simply copy the information off your client’s check, and they’re off and running. 

Risks to the Agency and the Insured

The insured is putting their PII, along with a large amount of money, at risk when they write you a check. Every pair of hands that touches the check could fraudulently cash it and/or steal the insured’s identity. This might not be likely to happen within your agency; we know you manage a top-notch, respectable workforce. But the risk of anyone (e.g., technicians, sales reps or other visitors) taking a paper check is there.

As the payee, you assume some risk for that payment as well. If something happens to the check along the way, the insured could hold your agency responsible. It costs them money to put a stop payment on the check, and if you do find the check and deposit it at the wrong time for the client, it can bounce. Nobody wants those extra bank fees.

The Better, Safer Payment Option

Of course we’re not going to leave you without a solution to these security risks! You can eliminate them by accepting digital payments with ePayPolicy. On top of being faster, simpler and more convenient for the client, digital payments are far more secure than checks.

ePayPolicy is also PCI compliant. That means we take full responsibility for the data security of your insureds’ digital payments. We don’t store payment information unless they ask to set up an account. Even then, it’s all encrypted. We never see it, and cyber thieves never could.

Here’s a link, in case you missed our blog on the importance of PCI compliance for your agency.

In Summary

Whereas checks are inherently risky, we make digital payments safe. The ePayPolicy platform is hack-proof, and we’re constantly testing it to ensure the highest level of security. If you’re ready to provide the safest payment option to your insureds, sign up or schedule a demo here.

The 2019 MIIAB EXPO Is In The Books

Team members from ePayPolicy headed to the MN Independent Insurance Agents & Brokers (MIIAB) Expo on April 30, 2019 at the Mystic Lake Center in Prior Lake, MN.

Fun fact: the MN Independent Insurance Agents & Brokers Expo is the largest independent insurance agent and company expo in the Midwest. Over 1,000 insurance agents attended the event and more than 90 vendors were also present, including ePayPolicy!

Christensen Group

“We are a new customer of ePayPolicy and we have already had several clients use the service to make payments. It is quick and easy for the client, and is very easy for us to monitor and record the payments on our end. Our staff have been very receptive to ePayPolicy, and have been communicating this new payment option to customers via the ePayPolicy flyer and listing our ePayPolicy payment site on all our agency billed invoices.” – Sean Karsch, Controller at Christensen Group Insurance.

Todd Sorrel, co-founder of ePayPolicy, presented at the MN Independent Insurance Agents & Brokers Expo and highlighted just how easy it is to start collecting digital payments.

The MN Independent Insurance Agents & Brokers Expo also featured breakout sessions for independent agents, offering tips on technology, agency service, MIIAB tools, and cyber-crime.

The technology breakout focused on performance, strategy, and ways that agents could better their service. The second breakout focused on MIIAB member services that agents could utilize, and the last breakout sessions centered on cyber-crime and how to stay protected as an independent insurance agent in the digital age.

“ePayPolicy is a tool that independent insurance agents can utilize in order to keep their business running smoothly and increase their bottom line,” says Todd Sorrel. “The technology we use allows for safe and secure payments in an age where cyber-crime is a real threat.”

Want to receive secure payments for your policies?

ePayPolicy allows you to receive ACH and credit card payments online in order to help speed up receivables and increase your bottom line. If you want to introduce new technology that will not only help your business, but that your clients will also love, schedule a call with us today at 844-372-9300!