Are your payments secure?

by Tom Jackson, Director of MyUsage Payments

Customers depend on you to keep their personal information safe

Data security is no longer something a ‘nice to have’… it is a ‘must have’.

Could your utility company be at risk from hackers?

As we become more and more dependent on online data and cloud services, the risk of cyberattacks is increasing. Even worse, utility companies and government organizations are not immune.

The importance of PCI DSS Level 1 compliance

Security accreditations can be extremely valuable if you take credit and debit card payments from the public. Not only can they help you standardize, test, and audit your and your vendors’ processes, but they provide reassurance to your customers too.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) was launched in 2004. It is an international standard that is the result of collaboration between major payment card brands, including Visa, Mastercard, and American Express. The standard is facilitated by the Payment Card Industry Security Standards Council (PCI SSC).

  1. The installation and maintenance of a company firewall
  2. The creation of original system passwords (i.e. not using the ones supplied by the vendor)
  3. The protection of stored cardholder data
  4. The encryption of stored cardholder data
  5. The use of up-to-date anti-virus software
  6. The development and maintenance of secure systems and applications
  7. The restriction of cardholder data to staff on a ‘need to know’ basis
  8. A unique ID for everyone who uses a computer in the organization
  9. The restriction of physical access to cardholder data
  10. The tracking and monitoring of access to cardholder data
  11. The regular testing of security systems and processes
  12. The maintenance of a policy dealing with information security processes

The importance of Level 1 compliance

There are four different levels of PCI DSS compliance. The level your utility company or service provider needs to achieve depends on the number of transactions you handle each year. The lower the numerical level, the stricter the auditing process.

  • Level 1: Companies that process over six million card transactions a year.
  • Level 2: Companies that process one to six million transactions a year
  • Level 3: Companies that process 20,000 to one million transactions a year
  • Level 4: Companies that process fewer than 20,000 transactions a year

Why is PCI DSS so important?

Achieving the PCI DSS standard shows that you or your vendor can look after your customer’s card data, ensuring that it doesn’t fall victim to cyberattacks or is taken away from your premises. According to Trustwave, over one in three cybersecurity threats involve a payment card.

Remember to balance security with the customer experience

In a previous article, we mentioned that the inventor of the personal identification number (PIN) was planning on making each number six digits long. His wife convinced him to reduce the number to four digits as six would have been too hard for her to remember.

In summary

Taking steps to protect your online payment system requires a lot of forward planning and preparation by you or your vendor. However, it is a worthwhile investment for the convenience that a payment system provides to your customers.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Exceleron Software

Exceleron Software


North America’s leading utility prepay and payment service company.