How to Protect Your Customers’ Financial Information

Your customers put their money in your hands, and often their bank accounts. They also routinely give you sensitive information like their Social Security number and driver’s license. All of this information equals a lot of trust. And with great trust comes great responsibility…or something like that. But it definitely means that we need to step up our game and make sure all their information is secure.

Secure Data is Happy Data

So how can we make sure that we take care of our customers’ data? And how can your institution become a mini Fort Knox? Read on and we’ll cover seven different ways you can make sure your institution is secure and your customers’ data is protected.

1. Strong Passwords Required

Sometimes we need to step in and help customers protect their own data. By requiring your customers to create strong online passwords, you help keep them safe. Strong passwords are typically over eight characters in length, include both uppercase and lowercase letters, including at least one number, and include a symbol (e.g., &, %, #). You can also encourage your customers to make their passwords on your site unique instead of re-using one of their other passwords.

2. Security Questions

With the dozens of passwords we all have these days, we are bound to forget one every once in a while (unless you use a password manager, which I highly recommend). In case your customers are as forgetful as the rest of us, they will need a secure way to recover their password and access their account. Enter security questions. Security questions ask for specific information from your customers that, hopefully, only they know. Standard questions are usually along the lines of “where were you born,” or “what was the name of your first pet,” or “where did you meet your spouse.” But you can also allow your customers to create their own custom security questions to provide even more security. Custom questions can be as unique as your customers and even harder for imposters to answer correctly. It’s one more level of security you can offer your customers.

3. Alerts

Every once in a while, I get an email telling me that someone has logged into my account from an unknown device. Typically, the person who has logged into the account is me, so I glance at the email quickly before getting rid of it. But I am so glad to get the emails. It lets me know that my account is being taken care of. Your customers want that same sense of security, so you should give it to them. Allow your customers to be able to sign up for alerts when someone logs into their account, when a payment is made, if their user is restricted due to too many invalid login attempts, etc. These alerts not only provide your customers with a sense of safety, but they also enable them to help protect their accounts and contact your institution if something isn’t right. It’s what we in the industry call a win-win (and by “we in the industry,” I mean everyone).

4. Automatic Timeouts

5, 4, 3, 2, 1 and you’re out! Don’t worry, I’m not going to tell you to put your customers in timeout. I’m talking about automatically logging them out of their account after so many minutes of inactivity. This is especially helpful if a customer accesses their account on a public computer. Automatic timeouts help keep others from accessing accounts that were accidentally left open. And it’s definitely something you should have set up for your institution’s online accounts.

5. Encryption

The online accounts of your customers must send and receive information from your institution, the customer’s banking institution, and often other third parties. There is a ton of sensitive data running around out there in the ether. And this is where encryption comes into play. Encryption allows us to convert information into a secret code that can only be read by those with the correct cipher. This allows you to keep your customer’s information secure and it means that encryption is a really big deal. Make sure that your encryption is top-notch.

6. Internal and External Audits

Remember back in school when you turned in that paper that you had worked so hard on and thought was flawless, only to receive it back from your teacher a few days later with red ink all over the place? (Maybe that was just me.) Regardless, all I’m saying is that sometimes you need someone else to go over your work. Regular internal audits are a must and help your team stay up to date on security policies, procedures, and best practices. But sometimes you need an outsider to come in and put red ink all over the place (metaphorically speaking). External audits are great to spot weaknesses that you might overlook. They help you strengthen the security of your entire system and get rid of all those red marks that you didn’t even know you had.

7. Compliance

When you handle financial data, there are a lot of regulations that you need to stay in compliance with. And these regulations help your institution stay even more secure. They are like a nice older brother pointing out the potential pitfalls of your new school. For example, maintaining PCI compliance confirms that your institution is following the Payment Card Industry Data Security Standards designed to ensure that companies who handle credit card information maintain a secure environment. Meanwhile, maintaining System and Organization Controls (SOC) compliance helps your institution maintain security, availability, processing integrity, confidentiality, privacy, and financial integrity. Maintaining compliance is one more way you can offer your customers the security they need.

GOLDAccount Center: It’s Secure

I know that all of this might sound like a lot. But not to worry, we can help. Our GOLDAccount Center is a secure system that makes it easy for your customers to apply for and manage loans online. We take care of all the security so that you can relax.

1. Strong Passwords Required

GOLDAccount Center enables you to require your customers to create strong online passwords. In addition, you can include a note to encourage your customers to make their password on your site unique and not re-use one of their other passwords.

2. Security Questions

With GOLDAccount Center, you can select from a wide variety of questions to offer as default security questions to your customers in both English and Spanish. Our questions are specific, which makes them more secure. In addition, you can also allow your customers to create their own custom security questions to provide even more security.

3. Alerts

Want to offer your customers peace of mind? GOLDAccount Center has you covered. Customers can choose to receive notifications whenever their account sees online activity (e.g., a payment is made, someone logs in, a password is changed, the account is locked due to an excess of invalid login attempts, etc.).

4. Automatic Timeouts

GOLDAccount Center automatically logs customers out after they have been inactive for too long and we let you determine how long that is. If you want customers logged out after five minutes of inactivity, we can make that happen.

5. Encryption

Our encryption is top-notch. All the sensitive information that GOLDAccount Center handles sits on secured servers and travels through encrypted connections. We keep everything super-duper secure.

6. Internal and External Audits

At GOLDPoint Systems we employ an internal audit team. This team coordinates penetration and vulnerability testing, audit calculations, and ensures we are following all government regulations and best practices. In addition, we conduct regular external audits by the FCIC, OCC, and the Utah Department of Financial Institutions. Our annual SOC 1 Type II and SOC 2 Type II audits certify that we maintain System and Organization Controls (SOC) compliance.

7. Compliance

Speaking of compliance, GOLDAccount Center is PCI compliant, meaning that we follow the Payment Card Industry Data Security Standards and maintain a secure environment. In addition, GOLDPoint Systems maintains SOC compliance. We also publish reports of our annual SOC 1 Type II and SOC 2 Type II audits and make these available to our clients.

Want to learn more about GOLDAccount Center and how it can help keep your customer data secure? Request a free Demo. If you are already a client with GOLDPoint Systems, you can read more about GOLDAccount Center in DocsOnWeb.