alorica

Please enter three or more characters.

PCI Compliance banner

Do You Know Where Your Customers' Data Is? Utilities Need an Expert in PCI Compliance

Security sure isn’t what it used to be! If the recent data breaches of high profile and sophisticated companies in the healthcare, retail and finance industries have taught us anything, it’s that businesses need to seriously assess their data security. Now more than ever, utility companies are high profile targets of attempted data theft, with hackers taking advantage of lax security standards.  

Physical and operational data security should be a top priority for your utility company, particularly when selecting an outsourcing partner. Developing strategies that protect your customers’ data is an essential component of providing top-notch customer service. But to provide your customers with the highest levels of service and security, it’s important that you look for a partner who can go beyond simply protecting credit card and payment data to also identifying systems that can be used to breach multi-factor authentication techniques.  

When selecting an outsourcing partner, here are three considerations your utility company should keep in mind:

Is your outsourcing partner certified Payment Card Industry (PCI) compliant?

Whether your utility company is PCI compliant (but prefers to outsource payment arrangements and processing for cost savings or to provide a better customer experience), or you are not PCI compliant in-house, it’s critically important that your outsourcing partner is certified PCI compliant.  

There are, however, varying levels of PCI compliance. Many companies claiming to be PCI compliant have not achieved these higher levels of certification, but rather, tout “self-assessment”—which essentially means that they may not have been independently assessed, nor approved, by leading credit card providers.  

Be sure to ask the following questions to understand the level of PCI compliance a potential outsourcing partner can offer:

  • Is the outsourcing partner PCI compliant?

  • If yes, has their compliance been certified by a Qualified Security Assessor (QSA), or are they self-assessed?

  • Is the Supplier listed on the VISA and MasterCard registered Supplier list?

Being certified by a QSA shows an additional investment in the compliance process and likely investment in infrastructure to keep your data safe. To find outsourcing partners certified by a QSA, visit the PCI Security Standard’s website1 and view their list of certified companies.  

Can your outsourcing partner safeguard non-payment data?

In 2013, 45 percent of data thefts2 involved non-payment card data. Protecting your customers’ payment data is vitally important, but focusing only on securing the payment data can leave your customers’ other personal data vulnerable.  

Remember—it’s not just payment data at risk, so it’s important to ask your outsourcing partner whether they are safeguarding data throughout the customer journey or only during payment processes. Particularly in a regulated industry like utilities, customers expect that their data is private and secure. They expect data like their account number, phone number, address and social security number to be as safe as their credit card number.  

If non-payment data is breached, it could potentially harm your brand. In 2012, nearly 2 million customers of two New York-based utility companies3 had personal data such as their social security numbers, birthdates and other account information exposed. Since then, the threat of a data breach has only grown. To ensure the security of all data—payment and non-payment—ask your outsourcing partner whether they meet security expectations in every interaction and for every type of data collected.  

Does your outsourcing partner provide an exceptional experience throughout the customer journey?

You may be selecting an outsourcing partner based on their ability to provide high levels of PCI compliance and security measures, but it’s also important to consider how a third party company interacts with your customers.   Consider questions like these:

  • Do your customers have the same experience with your payment processing partner as they do with your own representatives?

  • How much control do you have over these interactions?

  • Is your partner committed to providing an exceptional customer experience4 every time?

  • Is your partner actively working to build your brand and enhance NPS® and customer satisfaction outcomes?

Now that customers can easily switch their utility providers, it’s more important than ever to take into consideration the entire customer journey and their interactions with front line representatives. A study published in the Harvard Business Review5 last year showed that less than half (43%) of utilities customers who have a negative experience are still members after a year, compared to 74% who have positive experiences. You need to be certain you’re not losing customers because of poor customer interactions with your outsourcing partner!  

Selecting the right outsourcing partner is about more than payment processing. It’s about securing your customer’s data—all of it—and ensuring that every interaction with your customers is exceptional. If you keep all this in mind when choosing your partner, you’ll likely succeed at finding a partnership that’s truly win-win.


SOURCES

1   https://www.pcisecuritystandards.org/approved_companies_providers/qualified_security_assessors.php

2  http://www.forbes.com/sites/frontline/2014/07/07/payment-card-data-isnt-the-only-lucrative-loot-in-a-data-breach/

3   http://www3.dps.ny.gov/pscweb/WebFileRoom.nsf/Web/1986D5ECA1917A8A8525798E005F81DD/$File/pr12007.pdf?OpenElement

4  https://alorica.com/outcomes/actionable-insights/alorica-analytics/

5  https://hbr.org/2014/08/the-value-of-customer-experience-quantified/

 
Thank you for filling out our form. Loading animation

Get the Report

By clicking below, you consent to us contacting you directly, and to the collection, storage, and use of your personal information as more fully described in our privacy policy.

 

Alorica Inc. (“Alorica”) is the holding company of various direct and indirect subsidiaries, including Systems & Services Technologies, Inc. (SST), NMLS 950746. Many of Alorica Inc.’s subsidiaries operate under the brand, Alorica, but all remain separate legal entities.