News & Resources

Debt collectors become data security experts

Aug 06, 2014 Philip Burgess

At this point, almost everyone's heard about the devastating effects of data breaches and how they occur. Many people might think of major crime syndicates infiltrating the websites of massive, multi-national organizations to steal billions. However, those more knowledgeable about the subject are aware that hackers can be from varying backgrounds, located in any nation, be of any age and have different goals. For instance, a teenage cybercriminal living in his parents' basement in the Midwest can do untold amounts of damage to anything from a large company to an individual he considers an enemy.

Because hackers now target anyone and everyone, professionals in any industry have to be ever vigilant about their digital strategies.

This certainly extends to those in the debt collection business. Recovery agents largely do their best work online these days. Because consumers tend to have a large online footprint, it's often easier to track down their whereabouts on the Internet while still staying well within the law. But now, they have to worry about another thing - cybercriminals and their impending attacks.

How can collectors make sure their information is safe? This needs to be a major focus, otherwise they could be on the hook financially and legally should a breach occur, and the firm in question could easily see irreversible reputational damage.

Taking a real look at defenses


One of the worst things a debt collection corporation can be is complacent. As insideARM put it, "A breach of your company's system doesn't mean you have no security in place; but on the other hand, the fact that there hasn't been a breach doesn't mean you have enough security in place."

This is especially true when an agency contracts a vendor to store consumer information. Citing information from the Ponemon Institute, the source noted that only 30 percent of recovery businesses associated with medical collections are confident in vendors' ability to secure consumer information.

Rather than assuming the collection agency and its business partners are safe because debt recovery-based breaches haven't been frequent, administrators need to evaluate their systems and protection strategies in an honest, thoughtful manner. If they find vulnerabilities, hackers undoubtedly will too - and there are likely to be dozens of holes that go unseen by novices. Again, these leaders can't stop there - they need to put the magnifying glass to their vendors as well to best ensure all-encompassing protection as much as possible.

Regulators are making security a focus
Any debt collection firm not taking cybersecurity seriously is at risk, because the regulatory bodies governing the industry certainly are.

According to CFPB Monitor, the Consumer Financial Protection Bureau has been shining a spotlight on protection for some time now, and its subjects are expected to comply with all mandates - everyone from debt collectors to alternative finance corporations. The source detailed that in early June, the Federal Financial Institutions Examination Council, along with the CFPB, the Fed and other governmental bodies, created a website acting as a resource for federal regulators with an interest in cybersecurity.

What can be done?
Because individuals, businesses and other organizations are putting such a focus on online protection, it is becoming easier than ever before to stay compliant and protected. InsideARM reported that collectors and vendors alike can look to leading legislation such as PCI-DSS and the Gramm-Leach-Bliley Act for specific action points, while also noting that many states are drafting their own cybersecurity regulations.

When these new laws emerge, debt collector corporation leaders need to be sure to educate agents on the developments and work them into training methods. After all, many workers in this realm have consumer data present on their computers at some point or another in the collection cycle. To stay safe, administrators may also want to contact vendors to be sure data is accurately protected on that front as well.

As far as steps that can be taken within the collection agency itself, the source mentioned that there are a number of ways to stay as safe as possible. For instance, TECH LOCK President and CEO Todd Langusch told the news provider that higher-ups like those on the board of directors need to set cybersecurity rules and ensure all staffers and vendors comply. Moreover, Langusch recommended that the policymakers in the company be direct when vetting third-party data storage services. They shouldn't be afraid to ask for specifics about risk assessment, oversight, encryption and other important factors.

Rather than be caught unawares by authorities - or by hackers themselves - recovery firms need to look into their precautions, as well as the security strategies used by business partners and vendors to cover all of their bases. Taking a proactive, rather than reactionary, stance will likely yield positive results.