HBMA Billing, January/February 2015, page 20

• The service organization's management has made a written assertion that fairly presents the services it provides, together with the supporting processes, policies, procedures, personnel, and operational activities that make up the core activities relevant to its customers.
• The controls were suitably designed to meet the stated control objectives as of a point in time (SSAE 16 Type 1) and operated effectively throughout the period covered by the report (SSAE 16 Type 2).
• The criteria used for making the assertion were in place (Type 1) and were consistently applied (Type 2).

2. PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) COMPLIANT – PCI DSS is a globally adopted security standard for all merchants and service providers that store, process, or transmit payment card data; it is designed to keep cardholder data secure and to prevent payment card fraud. Working with a financial processing service provider that is PCI DSS compliant keeps your customers' payment data secured to that standard and sharply reduces the scope of your own PCI DSS obligations, because card data need never touch your systems. It does not remove those obligations entirely: a merchant is still responsible for validating its own compliance (typically through a self-assessment questionnaire) and for confirming that the provider's attestation actually covers the services it uses.

3. SARBANES-OXLEY (SOX) – A service provider fully trained in SOX regulations will help ensure that its clients remain compliant with the corporate accounting controls required by U.S. federal law.

Check the locks

Not all security precautions are enshrined in legislation or can be officially certified. At a minimum, high-volume billers should make sure that both they and the service provider they choose have stringent internal security measures in place to protect customer data. Check whether production areas are locked and monitored at all times. Make sure FTP servers sit behind a highly rated hardware firewall that admits only the expected hosts and ports, and, because plain FTP sends credentials and file contents unencrypted, insist on SFTP or FTPS for any exchange of customer data.
Additionally, all electronic payment options need to be encrypted and performed over a secure SSL/TLS internet connection. Many of today's electronic billing solution providers offer a number of additional security features, including biller authentication and non-repudiation of bills, as well as security tokens used in addition to, or in place of, a password, which act like an electronic key. These measures help assure customers that their confidential information remains intact. Lastly, it is imperative that the company you choose to handle your sensitive information has a comprehensive disaster recovery program in place to safeguard against fire and other natural and environmental hazards.

An ongoing process

Protecting and ensuring security compliance and due diligence is a never-ending process. As NIST suggests, any data breach, or even a suspected breach, can help you further identify vulnerabilities and improve your procedures. But it seems that there is no fence high enough to ensure 100 percent security. The best we can do is enforce 24/7 monitoring of all data, networks, and internal processes, while employing the best tools and practices available. To avoid potential fines, loss of customers, bad publicity, and legal action, make sure you have covered all your security bases and that your program is well executed and monitored by an independent, third-party auditor who knows what to look for and can make useful suggestions for improvement.

Harry Stephens is president, CEO, and founder of DATAMATX, one of the nation's largest privately held, full-service providers of printed and electronic billing solutions. As an advocate for business mailers across the country, Stephens is actively involved in several postal trade associations. He serves on the executive board of the Greater Atlanta Postal Customer Council, Major Mailers Association (MMA), PCC Advisory Committee (PCCAC), and the Board of the National Postal Policy Council (NPPC). He is a board member of The Imaging Network Group (ING), an association for transactional and direct mail marketing service bureaus. As an expert on high-volume print and mail, he has frequently been asked to speak to various USPS groups. You can contact Harry Stephens at hstephens@datamatx.com.

