May 10, 2018   |   eBilling and Payments

Security Checklist: Are You Protecting Customers’ Payment Data?

For utility providers, handling vast amounts of customer data is an everyday occurrence. In addition to energy usage and meter data, their networks also process more sensitive customer details, such as billing information and banking credentials. Today, as the payment landscape becomes increasingly digital, utility providers recognize their responsibility to safeguard this private customer information.

To proactively protect customer data, utility companies comply with two primary standards:  the Payment Card Industry Data Security Standard (PCI DSS) and SOC 2. PCI DSS is a universal set of requirements for any company that accepts credit card payments, while SOC 2 compliance is a determined on a company-by-company basis according to the “trust service principles” of security, availability, processing integrity, confidentiality, and privacy.

Both of these data standards serve the important purpose of boosting customer confidence and improving utility services, but continuously adhering to their requirements can be a demanding—and often confusing—process for utility providers, especially when customers are paying across multiple channels.

If you want to know where you stand when it comes to data security, fill out our checklist of 10 key data security procedures as a starting point for evaluating your current practices and identifying areas of potential weakness:

General Security

1. Does your company enforce its own data security policy?

2. Does your company test the effectiveness of this security policy to determine potential weaknesses?

3. Do you regularly update all security systems and software to keep them up-to-date?

PCI Compliance

4. Is your company able to adequately secure and/or destroy stored customer cardholder data?

5. Does your company allow only authorized users with unique IDs to access customer and cardholder data?

6. Do you require all users to create custom passwords that are different from pre-set system defaults?

7. Does your company prevent customer payment data breaches with firewall, anti-virus, and anti-malware protection?

SOC 2 Compliance

8. Does your company use two-factor identification process to verify authorized users?

9. Do you have a disaster recovery / incident response plan in place?

10. Does your company protect customers’ privacy and confidentiality by encrypting data sent via public internet connections?

 

By comprehensively investing in these security capabilities to protect the safety of your customers’ data today, your utility company can proactively build trust—and new business opportunities—tomorrow.

Rest Assured and Secured With Level One

Let Level One assume responsibility for upholding PCI and SOC 2 compliance on your behalf. OneVIEW®, Level One’s secure, PCI compliant, cloud-based CXM platform, empowers businesses with command and control over the entire customer engagement process and multi-channel bill presentment and payment, easily and securely. Our experts will also proactively manage evolving security and compliance requirements on your behalf so you can rest assured that your customer data remains secure.

Are you interested in lessening the burden of compliance while gaining full data protection? Get in touch with Level One today by scheduling a meeting.