On Tuesday, EFG Companies announced a pair of achievements aimed at bolstering its commitment to deliver data security for its clients, partners and contract holders.

The company gained two certifications:

• Certification by the Payment Card Industry Security Standards Council (PCI SSC) as PCI Data Security Standard (DSS) compliant; and

• Recertification with the Service Organization Control 2 (SOC 2) under the Statement of Standards for Attestation Engagements 18 (SSAE 18) guidelines from the American Institute of Certified Public Accountants (AICPA). 

In 2016, EFG said it was the first F&I provider to achieve SSAE 16 certification.

As retail automotive companies increase their use of digital sales and technology to house personal and confidential information, EFG acknowledged that data breach incidents have a direct impact on revenue. 

According to the nonprofit Identity Theft Resource Center, more than half of all small businesses in the U.S. experienced at least one security or data breach in 2021, a 17% increase from 2020, at an average expense of $250,000 to $500,000 per incident.

“Outside of its own proprietary applications, EFG integrates with close to 25 external platform and menu providers across its seven channels of business,” said Maurice Hamilton, vice president of technology at EFG Companies.

“With the amount of confidential consumer information collected in the retail automotive, home warranty and lending industries, data security is mission critical to successfully conducting business, and we aggressively pursue heightened controls and protocols each year,” Hamilton continued in a news release.

Hamilton pointed out that SSAE 18 certification is the most widely recognized information security standard, demonstrating to clients and contract holders that EFG has the necessary processes in place to ensure that personal and confidential information is secure.

EFG noted that SOC 2 reports evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy.

Meanwhile, EFG highlighted that PCI Data Security Standards (PCI DSS) protect payment account data for merchants, service providers and financial institutions throughout the payment lifecycle, removing the incentive for criminals to steal it. Specifically, PCI DSS contains a set of requirements based on collaboration between major card brands including American Express, Discover, Mastercard and Visa, to prevent payment data breaches and payment card fraud.

EFG said that companies achieving certification can deliver a higher standard of security for personal confidential information and compliance with federal, state and local regulatory requirements.

“The pandemic has greatly accelerated the use of digital tools, and our clients rely on EFG’s technology for everything from rating and selling products, fulfilling contracts and processing claims to managing reinsurance positions and reporting,” said John Pappanastos, president and chief executive officer of EFG Companies.

“We take our role as a business partner seriously and have taken the necessary steps to deliver the utmost data security – not only for our own data but that of our clients, partners and contract holders,” Pappanastos went on to say.