A lot of companies that handle their own transactional mailings–in other words, process, print, and mail their own bills– eventually decide it might be better to have a third-party transactional firm do that work for them.

Many never follow through because they have a big concern: the data used to create bills might include confidential information that would be a target for identity thieves. Companies worry that they will be at risk for a data breach if they give customer data to a firm that can’t keep the information secure. They realize they must find a company that takes appropriate security measures. They are wise to do so, especially when you consider this, from a report done by the nonprofit ID Theft Center:

Data breaches are an ever-increasing threat to every industry, with the number of U.S. data breach incidents tracked in 2017 hitting a new record high of 1,579 breaches. Last year posted a 44.7 percent increase over 2016’s record-breaking numbers. Of the data breaches reported last year, 8.5 percent involved the financial sector, including entities such as banks, credit unions, credit card companies, mortgage and loan brokers, financial services, investment firms and trust companies, payday lenders and pension funds.

We worry about breaches too, and so, we took a proactive step about 5 years ago to find and test software that would protect our clients’ files as we use their data to process, print and mail their bills. This protection is now offered as an option to all of our transactional clients, for an additional fee, and is essential to those in industries like insurance, health care, banking or finance. Basically, if your data files include sensitive information like SSI numbers, medical records (HIPPA) or financial information like account numbers, this kind of security measure is a wise investment.

We turned to a trusted software developer

When we began looking for a security product for a prospective client, an insurance company, we turned to a software developer whose other products we use and like. Uluro has created customer management software for many industries; among the products we use are UCompose and UPayments. It also created UCampaign, Uweb, UTrack and the product we were interested in for securing customer data, USecure.

Having an ongoing, strong working relationship with Uluro allowed us to ask the company to have one of its experts come and meet with us and our transactional client. Having a Uluro representative there to answer our client’s IT experts’ very technical (and valid) questions and concerns made a big difference. (It also helped us learn even more about the product so that we can better answer other customers’ questions about it.)

Thanks to the conversations with Uluro, our insurance client signed on to have Bluegrass process their transactional mailings, and we’ve been doing so for the last 5 years. Each day, we receive customer data files from this client and we process, print and mail information to those customers for them. So far, thanks to USecure, this client has had no data breaches or issues and the system has worked flawlessly.

Protections are embedded in files

USecure provides a two-prong approach to security. On one side, customers can customize the software, setting protections and parameters that reflect its biggest concerns. One of the most important for our insurance client was to set a “use by” date — a time limit on how long their data would be available for us before it was virtually shredded. They opted to set a 48-hour limit. Data cannot be accessed outside the date range and is securely shredded should the data be accessible.

Larger companies with large IT departments typically know exactly what kinds of limits and protections they want to set; smaller companies that don’t have an IT professional on staff might need to consult with us about which safeguards they should put in place.

From our side, the USecure software allows us to encrypt a client’s data, and keep that encryption in place throughout the workflow process. Uluro says USecure is the only security software that allows files to be worked on while they are encrypted. Files are securely protected with 256-bit AES encryption; even if data was stolen somehow, it would be unreadable and unusable.

Other security parameters a client could set in USecure include:

• The intelligent data object that is embedded in the client’s files can protect the information in many ways: it can set the time limit on file use, ensure the file is at the approved delivery location or within the correct application. If the file doesn’t meet any of the set criteria, access will be denied.
• Because the data protection is embedded in the file, there is no need for key management, controlling access to secure keys, or decrypting data files for processing.
• Protection embedded in the data also lets a client or transactional firm control the server and network upon which the data is used. If someone attempts to move the data off that system to an unauthorized machine, access is denied, the attempt is recorded and the information is reported to a designated staff person.
• USecure can provide a detailed log of how the data file was used throughout its life cycle. The intelligent security object embedded in the data file logs the who, what, when and where of file access and gathers other information about who used it, like IP address and software serial numbers. If a breach is attempted, that information can be handed over to law enforcement so that they can investigate.
• USecure provides the level of security required for medical records and data that is must be protected in accordance with HIPAA regulations.

Thanks to this experience with our insurance client, we have felt confident recommending USecure to many other customers who have sensitive customer data.

Instead of spending money on insurance policies that protect a company when there is a data breach, we say, make a smaller investment and put a security system in place that assures your data will be safeguarded so that even if it is stolen, thanks to constant encryption, it will be completely useless to a cyber-criminal.

If you’d like to talk to us about USecure and how it can protect your transactional mail processing, give us a call.