PenChecks and Cyber Security: We’ve Got Your Back

Jan 13, 2020

At PenChecks Trust® we’re in the business of providing solutions to the retirement plan industry. Most of those solutions involve payment processing services and the care and administration of missing participant assets. They also involve handling significant amounts of money and sensitive personal data for hundreds of thousands of retirement plan participants. In today’s ever-expanding world of digital commerce, it’s easy to understand why cyber security and the protection of our clients are among the foremost concerns for PenChecks.

PenChecks invests a great deal of time and resources in making our systems and our data as secure as possible. Our Information Security and Compliance departments work year-round to ensure this. Based on our business model and how we process transactions, we have a lower risk profile than many other retirement plan service providers – for several reasons.

  • We only process distribution requests that get funded. When a client requests we pay out a plan participant, they must provide us with the money. If not, we don’t make the payment. Even if a cyber-criminal could hack into one of our clients’ accounts to request a fraudulent payout, they would have to fund that payment request.
  • Our clients proactively engage us for distribution processing services. In most cases, this means a plan participant on the other end is expecting a payment and actively monitoring the status of their processing until they receive their funds. And in all cases, it means we are monitoring it from beginning to end.
  • The only funds we custody for individuals on an on-going basis are missing participant funds. When we pay these individuals (when they are located and claim their funds), we are required by federal regulations to perform robust identity verification protocols and Patriot Act validations.

As long as we receive the correct information from our clients, the chances of PenChecks making a payment to the wrong person are extremely small.

Using MFA to Improve Login Security

At PenChecks, we have both business to business (B2B) and business to consumer (B2C) clients. Our B2B clients consist of TPAs, Plan Sponsors and Institutional clients we provide services for. Our B2C clients consist of individual account holders, including Automatic Rollover and Missing Participant IRAs, one-time distribution recipients, and recurring distribution recipients.

The best way to protect both stakeholder groups is to prevent cyber thieves from getting in by the front door. In other words, to make it very difficult for them to gain access to a client’s or participant’s account at the point of login. To do this, PenChecks requires multifactor authentication (MFA) upon login.

To access our system, B2B clients are required to use MFA at account set-up and then on every login thereafter, via a randomly generated code.

For B2C clients (individual participants or account holders) to access our online Benefit Election Site:

  • They must log in with a combination of personal identification elements plus an individual code that is provided to them.
  • For increased security, we will be adding an updated, real-time experience that incorporates additional individual identity verification elements for account holders.

We also employ an automated bank account verification protocol that validates that a bank account belongs to the requesting recipient. It also validates correct and matching bank routing and account numbers. This dramatically reduces the incidence of rejected electronic payments, resulting in a faster turnaround time for our clients.

Cyber Security Is a Team Effort

You can help reinforce our ongoing security efforts by doing the following:

  • Benefit elections. Remind your plan participants ahead of time that PenChecks will be processing their distribution, which may include correspondence about their benefit elections, and encourage them to respond as soon as possible.
  • Accurate information. Make sure we have accurate participant information, especially the address. This allows us to process claims more quickly.
  • Don’t share user IDs. With our proprietary online processing platform, there is no limit to the number of user IDs you can establish for your B2B account. We strongly recommend every user have their own individual login credentials.
  • Keep your users with access up to date. When an employee leaves your company, remove their access right away. That’s one less place for cyber thieves to find a way into your account.

Another Step Toward A More Secure PenChecks System

We are proud to announce that Kevin Smallen, our Chief Information Security Officer (CISO), recently earned the rigorous and demanding Certified Information Systems Security Professional (CISSP) designation. CISSP is an information security certification created by the International Information Systems Security Certification Consortium, (ISC)². It ensures computer security professionals have standardized knowledge in areas ranging from physical and networking security to cryptography, security architecture, application and systems development, law, investigation, and ethics. Kevin is one of a limited number of IT professionals to hold this coveted designation.


 

PTCA-2020001
