Compliance confluence: 1st Credit and SureCloud
To meet mandates, a U.K. finance company needed a solution to aggregate data from disparate components, reports Greg Masters.With the holiday season ended, there's no doubt that retailers and online merchants were put to the test processing customer purchases.
While cash registers rang up store purchases, and home users ordered gifts online, nefarious criminals too were getting in on the bustling shopping season activity to prey on the digital transmissions from home computers or in-store point-of-sale terminals.
As evidenced by massive breaches of customer data – including intrusions into the databases of TJX, parent of TJMaxx, and payment processors Heartland Payment Systems and RBS WorldPay, to mention just a few – miscreants have been mining the personally identifiable information (PII) of consumers conducting financial transactions and successfully stealing millions of card records to use for their own purchases or selling the information in profitable, albeit illegal, online forums.
Nowhere are precautionary measures to thwart these attempts taken so seriously as at banks and financial institutions, where laws and industry guidelines dictate measures that must be taken to protect PII, says Andrew Bover (left), head of information communication technology at finance company 1st Credit, headquartered in Reigate, Surrey in the U.K.
1st Credit is a leading U.K. debt collection agency responsible for managing more than $8 billion in outstanding consumer debt. It manages the debt portfolios, third-party collections and ledger management for some of the U.K.'s leading banks, credit card companies, retailers, utility suppliers and telecom companies – who they buy or service debt from – and the millions of customers whose credit history they are helping to repair.
The company operates a call center as part of its debt-collection operation, which handles online payment from debtors. As such, it is governed by the Payment Card Industry Data Security Standard (PCI DSS), which are rules for payment card data security management, policies, procedures, network architecture and software design.
It is a highly regulated business, says Bover. 1st Credit had previously achieved compliance standards using multiple point solutions for different aspects of its information security, and each of these “did its own thing,” he says, but aggregating the information from each point to attain a complete picture at any one time was difficult.
“It wasn't just the cost of paying for individual products that had an impact on our business,” he says. “It was the overall total cost of ownership as a result of us having to manage different solutions and keep on top of the reporting requirements.”
With a proven track record in achieving compliance standards – the 200-employee company has won several awards (see sidebar below) and touts its achievement in this area as a critical business differentiator. Reaching this level was a bit of a challenge. Bover, and his 13-person IT staff, needed to aggregate all the disparate information security data being assembled from a number of components to help the company demonstrate its compliance posture. “This demanded a sensible solution that would give us all our core information security functionality in one place,” he says. “But that was easier said than done.”