SAFEGUARDING PAYMENT, PERSONAL, & HEALTH DATA
Managing a national or global insurance company certainly has its share of challenges, not the least of which is maintaining the security and privacy of your customers’ payment and personally identifiable information (PII) data. With the increasing number of successful hacks against a wide range of companies, it’s a matter of when, not if, your information systems will be breached. The question is, will there be information in your systems worth stealing?
While payment card data is the most frequent target of hackers, insurance companies store a wealth—literally—of personal data ranging from tax ids, birthdates, physical and email addresses, personal health information (PHI), and employment records that can be used for identity theft. Once PII data is stolen, the damage to your business reputation can outweigh the financial repercussions of payment card theft. Your goal should be to remove all the data coveted by hackers from your internal systems so a breach becomes a reporting inconvenience instead of a public relations disaster.
REMOVE SENSITIVE DATA TO DECREASE RISK & COST OF PCI COMPLIENCE
Collecting payments and personal information from customers is an omni-channel exercise for most insurance organizations. You use call centers to sell policies, collect monthly payments, and field policy claim information. You maintain web sites to enroll new customers, manage claims, and accept payments. Most likely you are expanding your mobile workforce to sell policies, collect personal information, and evaluate claims on the go. With this rapid expansion of data collection channels you need to push as many of your backend business systems out of the scope of PCI compliance as possible to reduce IT security costs and lessen risk. By tokenizing payment and PII data at the point of entry—whether web store, call center, or mobile field agent—all sensitive data is effectively removed from backend systems, thus greatly reducing the scope of PCI compliance and risk.
The TokenEx Cloud Security Platform removes the toxic data from your environment, replaces it with tokens, and stores the payment data in our secure, cloud-based data vault. The tokens you retain in your business systems are of no value to hackers. You use the tokens to process payments as usual, with TokenEx transparently swapping tokens for Primary Account Numbers as the data is exchanged between you and your payment processor, with TokenEx in the middle.
The TokenEx Cloud Security Platform adapts to the way you do business. TokenEx is 100% payment service provider agnostic—you choose processor, gateway, and hardware combinations to suit your business needs. TokenEx’s flexible technologies integrate with your business processes to keep payment processing simple.
- TokenEx integrates with your web site using HTTP web service APIs (application programming interfaces). Using a browser-based encryption technique to strictly limit the exposure of payment data to your business systems, credit card data is encrypted during data entry at the customer’s browser then tokenized before entering your systems.
- TokenEx can host your web payment page making it work with your exact design and functional specifications to create a seamless payment experience for your customers. This method ensures that no payment data ever is received or recorded by your systems, greatly limiting the scope of your PCI compliance.
- TokenEx also handles your batch payment processing if that better fits your business. Instead of sending an aggregation of daily payment card data to your payment gateway for nightly processing, you send tokenized payment batch files to TokenEx where tokens are swapped for PANs and sent on to the payment processor.
- The TokenEx Transparent Gateway makes it easy for you to integrate your tokenized payment streams with multiple payment processors and to add or change them with very minimal updates to your systems.
- In the call center, virtual terminals are supported by TokenEx, so that payment card data is immediately encrypted at the terminal then sent for tokenization and data vaulting in the TokenEx Cloud Platform.
VAULTING PII & PHI PROTECTS YOUR BUSINESS & YOUR CUSTOMERS
Managing personal and health data is key to insuring your customers. You need to track and analyze their data to run your business efficiency and provide the best service to them. Global insurance organizations in particular face an expanding range of stringent international regulations on the control of personal data—with each country enforcing different rule sets. This greatly increases the types of data that must be carefully guarded from unauthorized access. With the capability to tokenize any data set and a comprehensive understanding of international laws defining data security for PII, TokenEx provides an ideal security solution for insurance organizations that must manage PII and PHI data.
TOKENEX SOLUTION AT WORK IN INSURANCE
An international insurance client of TokenEx was rapidly expanding the types of payment acceptance channels to accommodate a wider range of global prospects. When collecting financial data, they also need to record national identification numbers, health information, birth dates, and other forms of PII. This creates a large and growing database of information that, should unauthorized personnel access it, would have significant legal ramifications. TokenEx was able to tokenize and vault all the payment and PII data, leaving only the tokenized data in the insurance company’s systems. In addition, TokenEx created custom high-value token formats that retained the meaning of the original data to use in analytics and reporting. The implementation greatly reduced the scope of PCI compliance for most of their systems, eliminated their liability for the potential loss of other forms of data, and kept the value of the data for use in business processes.
Our insurance clients depend on TokenEx to provide a complete and customizable tokenization solution for their omni-channel payment streams and PII data. Let us explain how a unified cloud tokenization platform can help your organization secure all types of data reducing both risk and cost of PCI compliance. By reducing the costs of PCI compliance, the TokenEx solution often pays for itself. Contact us today to make an appointment to discuss your specific challenges.