JUNE 13, 2019 – As the fleet or safety manager for your company, you put a great deal of effort into maintaining a safe and compliant workforce. But safety encompasses more than complying with federal regulations – it includes the security of you and your employees’ personal information.
With 2.8 billion consumer data breaches last year alone, data security is becoming a serious concern. Yet, it’s not something we’re always thinking about when we choose a compliance vendor. These companies have access to not only our company credit card information, but the social security numbers, birth dates and drug testing information of the drivers we employ – information that we count on being secure.
The exposure of this information came at a cost of more than $654 billion in 2018. So while many companies will attest to their data security, most have vulnerabilities that put you and your employees at risk.
How to Choose the Right Provider
Although it’s not regulated by federal law, companies that accept credit card payments are expected to adhere to the Payment Card Industry Data Security Standards (commonly referred to as PCI standards). Those that don’t will face fines from the credit card companies – and can lose their ability to process credit card transactions entirely.
The issue, however, is that while the PCI Security Standards Council has put these standards in place, it’s up to each individual company to ensure they’re compliant. “Companies, depending on their merchant level, self-attest to their own compliance and no one checks to ensure everything is in order unless there is a security breach,” Foley Security Engineer Carlos Neto said. “I know from experience that many companies that self-attest to their compliance aren’t in fact compliant. Some of them lie and others are just misinformed because they don’t have the resources to conduct a thorough audit…and they’re getting away with it because there isn’t an auditing body who is checking in with them.”
Not all DOT compliance providers adhere to PCI standards. To ensure you’re working with a provider that will keep your information safe, you’ll want to ask the following questions:
- Are you PCI compliant? If so, can you prove it?
- Are you performing third-party audits and/or penetration tests on your websites?
- Do you have a dedicated security team?
At Foley, our security team goes the extra mile to ensure our customers’ data is secure. Although PCI Standards require companies to run a quarterly security scan of their websites, Foley works with an approved scanning vendor to check for security issues monthly. “We’re constantly monitoring and improving our processes,” Carlos said. “What’s secure today, might not be secure tomorrow. It’s a never ending cycle.”
.png)