Relevant Payment Brand PCI Programs:
Mastercard Site Data Protection Compliant Service Provider
One Inc is a Level 1 Mastercard Site Data Protection Compliant Service Provider, the highest level of certification.
Related to PCI compliance, Mastercard requires all Level 1 Providers complete an annual onsite assessment conducted by a PCI SSC certified QSA (Quality Security Assessor) along with quarterly network scans. Failed assessments can result in fines up to $500k and revocation of Mastercard processing privileges.
Visa GRSP (Global Registry of Service Providers)
One Inc is listed under the Visa Global Registry of Service Providers, demonstrating One Inc as a trusted, compliant payment system investing in data security and protection of cardholder data.
Discover Global Network DISC Program
One Inc is Discover Information Security & Compliance Program (DISC), meeting the requirements of the highest level of PCI DSS certification.
The DISC Program helps companies promote compliance and meet PCI security standards, which helps safeguard cardholder data and limit data compromises. Non-compliance can lead to PCI fines and significant costs related to data breaches, fraud losses and damages.
American Express Compliance Program
One Inc is Level 1 compliant with the American Express Compliance Program, the highest level of certification at American Express.
The American Express Compliance Program validates that merchants are committed to protecting Cardholder Data and Sensitive Authentication Data. Non-compliance can lead to PCI fines, non-validation fines and termination of agreement with American Express.
Nacha
One Inc is fully certified with National Automated Clearing House Association (Nacha) rules and regulations.
Nacha (National Automated Clearing House Association) establishes operating rules for the ACH Network, governing electronic payments. Insurers that accept premium payments and/or pay claims via ACH must ensure they and their vendors are Nacha compliant and keep up with regular updates.
SOC 1 and SOC 2
SOC (System and Organization Controls), developed by the American Institute of Certified Public Accountants (AICPA), is a set of standards that provides assurance of the effectiveness of security controls at an organization. With the extent of sensitive data insurance companies need to protect, their vendors must have the right oversight across their organizations.
3 Quick Facts:
- SOC 1 covers controls as they relate to customers’ financial statements.
- SOC 2 covers vendor control assurance related to security, availability, processing, integrity, confidentiality and privacy.
- There are two SOC reports – type 1 (snapshot) and type 2 (over a period).
What Insurers Need to Know:
- SOC 2 compliant vendors prove they are taking the necessary measures to maintain security of your data.
- One Inc's Digital Payments Platform is compliant with the SOC 2 Type 2 framework, demonstrating effectiveness of controls and ability to meet security standards over a sustained period.
- One Inc's Digital Payments Platform is also compliant with the SOC 1 Type 2 framework, meeting the needs of entities that use One Inc and the CPAs that audit their financial statements. Essentially, the SOC 1 Type 2 audit evaluates the effect of One Inc’s controls on your financial statements.
Payment Vehicles:
Mastercard GRMP Payment Facilitator
One Inc is a MasterCard GRMP reviewed Payment Facilitator, demonstrating effectiveness regarding fraud loss controls and other risk reduction procedures.
The Mastercard GRMP Payment Facilitator Review is conducted by Mastercard’s Global Risk Management Program staff, examining the ability to manage, anticipate, and protect against fraud and other risks. Failed reviews can lead to fines up to $500k and deregistration.
FACTA (Fair and Accurate Credit Transactions Act)
One Inc is compliant with the Fair and Accurate Credit Transactions Act (FACTA).
FACTA requires companies that collect personal information to properly protect and dispose of it. Non-compliance penalties can be up to $2500 per violation.
GLBA (Gramm-Leach-Bliley Act)
One Inc complies with the Gramm-Leach-Bliley Act (GLBA).
GLBA requires financial institutions to safeguard sensitive customer data (names, addresses, bank and credit card account numbers, and more) and explain their information-sharing practices to their customers. Non-compliance can lead to fines of up to $100k for each violation or even imprisonment.
TCPA (Telephone Consumer Protection Act)
One Inc complies with the Telephone Consumer Protection Act (TCPA)
TCPA restricts telephone solicitations and requires telemarketers to transmit caller ID information. Individuals can sue for up to $1500 for a willful violation.
HIPAA (Health Insurance Portability and Accountability Act)
One Inc complies with the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA reduces health care fraud and abuse by mandating industry-wide standards for health care information on electronic billing and other processes. It also requires the protection and confidential handling of protected health information. Non-compliance penalties can range from $100 to $50,000 per violation with a maximum penalty of $1.5M per year.
FinCEN BSA (Financial Crimes Enforcement Network Bank Secrecy Act)
One Inc complies with the Financial Crimes Enforcement Network Bank Secrecy Act (FinCEN BSA).
FinCEN BSA defines precautionary actions for Money Services Businesses (MSBs) to prevent financial crimes. Criminal penalty for violating a BSA requirement is a fine of up to $500k and/or imprisonment. One Inc is FinCEN BSA compliant.
Learn more about how One Inc can help your company with security compliance.
