
Your customers are important–and so is their data

Last updated August 30, 2022

In the past few years, companies have become significantly more interdependent—users share passwords, and systems use backend technologies operated by third parties. So when hackers breach a company’s security, they often gain access to a wider set of services and information than initially expected.

That can create countless headaches for customers, whether it’s being forced to reset passwords, freeze credit records, or deal with drained bank accounts and cases of fraud. To get an idea of the scope of the danger, the top 21 security breaches in 2018 affected hundreds of millions of customers.

Beyond being hugely damaging to the brands affected, there’s the very real harm being done to customers. And these kinds of breaches are especially dangerous for companies working in the growing financial technology sector. Customers who use these services—mobile banking, digital wallets, and online payment processing—expect convenience, excellent service, and peace of mind when it comes to their personal data.

That poses a significant challenge for fintech support leaders who need a customer service solution that protects the data of both customers and their companies. So when evaluating customer service software, what should those decision-makers look for?

Product security

At the most basic level, customer service software should provide secure encryption of data—for example, it should observe Transport Layer Security encryption protocols for data that moves between its servers and yours. It should also provide an environment for secure, encrypted email and allow users to enact settings that automatically redact sensitive information like credit card numbers.

It’s also critical to have robust agent and administrator security measures in place, such as two-factor authentication, which requires customers to enter a code—often sent to the user’s mobile phone—in addition to a username and password, and SSO, which allows users to access several applications with a single set of credentials. And because your customer service software should allow your team to develop custom apps that integrate with other products and sources of data, API services should have strong security and authentication measures in place.

Meanwhile, your administrators should be able to set IP restrictions, manage the security level of user passwords, and set defined roles to limit who can access administrator functions.

Compliance and industry standards

When a customer service software provider states it takes security seriously, it’s helpful to look for third-party attestation to be sure. Meeting compliance standards demonstrates exactly how a provider safeguards your customers’ data. Here are a few standards that you should look for:

SOC 2 Type II. For the layperson, SOC 2 Type II means that an organization follows strict security measures concerning customer data stored in the cloud. A third party then audits the organization’s operations—usually over the course of six months—which helps customers understand that the company has implemented a robust system of security controls.

ISO 27001:2013. A vendor that adheres to this standard, which was established by the International Organization for Standardization, has set up a rock-solid information security process aimed at addressing risks specific to its business. Meeting this standard requires implementing a culture of continual improvement and risk management, vital elements in determining if a provider will be ready to meet new security challenges.

ISO/IEC 27018:2019. This cloud computing standard covers how a company protects personally identifiable information (PII). Organizations that meet this standard have satisfied legal, regulatory, and contractual agreements and have identified—and planned for—security risks.

European Union’s General Data Protection Regulations. Any fintech company operating in the EU or providing services to customers in that market must adhere to GDPR, a stringent set of privacy regulations that, if violated, carry serious penalties. That doesn’t mean having to store customer data within the borders of the EU, but the host country must have equally rigorous data protection laws in place.

Trust, but verify

It’s all well and good if a software provider claims to be taking security risks seriously—but when it comes to protecting customer data, you can’t be too careful. That’s why serious providers seek third-party assessments, either to confirm compliance with regulations or to verify that they are observing security best practices.

Beyond those third-party certifications, you’ll want a partner that offers clear, actionable security measures, such as disaster recovery options, frequent security training and awareness sessions, and regular comprehensive reviews. And be sure to ask questions: Do they conduct penetration tests, observe secure development and deployment practices, and have incident management processes in place? Having a solid yes to each of these questions will help you ensure your customer data is in solid hands.

A secure-by-design cloud solution

Learn more about Zendesk's focus on security.
