
PenChecks and Cyber Security: We’ve Got Your Back

Jan 13, 2020

At PenChecks Trust® we’re in the business of providing solutions to the retirement plan industry. Most of those solutions involve payment processing services and the care and administration of missing participant assets. They also involve handling significant amounts of money and sensitive personal data for hundreds of thousands of retirement plan participants. In today’s ever-expanding world of digital commerce, it’s easy to understand why cyber security and the protection of our clients are among the foremost concerns for PenChecks.

PenChecks invests a great deal of time and resources in making our systems and our data as secure as possible. Our Information Security and Compliance departments work year-round to ensure this. Based on our business model and how we process transactions, we have a lower risk profile than many other retirement plan service providers – for several reasons.

  • We only process distribution requests that get funded. When a client requests we pay out a plan participant, they must provide us with the money. If not, we don’t make the payment. Even if a cyber-criminal could hack into one of our client’s accounts to request a fraudulent payout, they would have to fund that payment request.
  • Our clients proactively engage us for distribution processing services. In most cases, this means a plan participant on the other end is expecting a payment and actively monitoring the status of their processing until they receive their funds. And in all cases, it means we are monitoring it from beginning to end.
  • The only funds we custody for individuals on an ongoing basis are missing participant funds. When we pay these individuals (when they are located and claim their funds), we are required by federal regulations to perform robust identity verification protocols and Patriot Act validations.

As long as we receive the correct information from our clients, the chances of PenChecks making a payment to the wrong person are extremely small.

Using MFA to Improve Login Security

At PenChecks, we have both business-to-business (B2B) and business-to-consumer (B2C) clients. Our B2B clients consist of TPAs, Plan Sponsors and Institutional clients we provide services for. Our B2C clients consist of individual account holders, including Automatic Rollover and Missing Participant IRAs, one-time distribution recipients, and recurring distribution recipients.

The best way to protect both stakeholder groups is to prevent cyber thieves from getting in by the front door. In other words, to make it very difficult for them to gain access to a client’s or participant’s account at the point of login. To do this, PenChecks requires multifactor authentication (MFA) at login.

To access our system, B2B clients are required to use MFA at account set-up and then on every login thereafter, via a randomly generated code.

For B2C clients (individual participants or account holders) to access our online Benefit Election Site:

  • They must log in with a combination of personal identification elements plus an individual code that is provided to them.
  • For increased security, we will be adding an updated, real-time experience that incorporates additional individual identity verification elements for account holders.

We also employ an automated bank account verification protocol that validates that a bank account belongs to the requesting recipient. It also validates that the bank routing and account numbers are correct and match. This dramatically reduces the incidence of rejected electronic payments, resulting in a faster turnaround time for our clients.

Cyber Security Is a Team Effort

You can help reinforce our ongoing security efforts by doing the following:

  • Benefit elections. Remind your plan participants ahead of time that PenChecks will be processing their distribution, which may include correspondence about their benefit elections, and encourage them to respond as soon as possible.
  • Accurate information. Make sure we have accurate participant information, especially the address. This allows us to process claims more quickly.
  • Don’t share user IDs. With our proprietary online processing platform, there is no limit to the number of user IDs you can establish for your B2B account. We strongly recommend every user have their own individual login credentials.
  • Keep your users with access up to date. When an employee leaves your company, remove their access right away. That’s one less place for cyber thieves to find a way into your account.

Another Step Toward A More Secure PenChecks System

We are proud to announce that Kevin Smallen, our Chief Information Security Officer (CISO), recently earned the rigorous and demanding Certified Information Systems Security Professional (CISSP) designation. CISSP is an information security certification created by the International Information Systems Security Certification Consortium (ISC)². It ensures computer security professionals have standardized knowledge in areas ranging from physical and networking security to cryptography, security architecture, application and systems development, law, investigation, and ethics. Kevin is one of a limited number of IT professionals to hold this coveted designation.


