Security Features Your Screening Provider Should Offer

While uncovering an applicant’s background information is the purpose of background screening, you don’t want your provider to allow a security breach to uncover your sensitive account information. Hackers and identity thieves prowl the web looking to steal your personal data from accounts with sensitive information, including your profile or your candidate’s information within your screening vendor’s portal. 

If your background screening provider isn’t prepared, you could be the one paying the price. It’s important to ask yourself if your background screening provider utilizes security features to protect your sensitive information.

To help you protect your data and applicant-sensitive information, we’re breaking down three protection features (out of a very long list of certifications and standards) that your screening provider should have in place to keep your information safe. 

Multi-Factor Authentication (MFA)

What It Is:

Multi-Factor Authentication, or MFA, is a security detail that requires two or more types of authorization in order to access an account. Some examples of required authorization include email, password, security pin, and/or phone number. MFA protects sensitive information by making it harder for cyber threats to access an account.

How It Works:

When a user tries to access something with an MFA (phone, platform, server, etc), they’re prompted to enter authentication information sensitive to the account holder two separate times. An example of an MFA process would be logging into your background screening account or portal with your email and password and verifying it’s you by entering a code texted or emailed to a registered device. An MFA process keeps your information safe by ensuring each login attempt is by you and you alone and blocking any outside attempt.

The Verified First MFA Process:

Completing the MFA process is required each time you log in to your Verified First client portal. Once you input your email address and password associated with your existing account, our software will automatically send you a 6-digit code to your email and/or through text (if a number is on file). These codes are fresh and never used more than once. Our login page will prompt you to input the code in this designated box. By entering the information and clicking the “sign in securely” button, you’ll be admitted into your VF client portal main page. 

Payment Card Industry Data Security Standard (PCI DSS)

What It Is:

Payment Card Industry Data Security Standard, or PCI DSS for short, works to protect a client’s banking and payment information. This compliance feature stops unauthorized individuals from stealing sensitive information via ransomware, data breaches, and other cyber threats. PCI DSS is enforced by the PCI Security Council and is standard for businesses of all sizes.

How It Works:

PCI DSS is essentially a checklist of what a company such as a screening provider should be doing to secure cardholder data. There are three steps to this compliance standard.

1. Assess - A vendor needs to catalogue all cardholder assets and analyze the information for weak points in their security software that could be penetrated by a security threat to access clients’ information.
2. Repair - If a weak point is identified, IT should secure it and work to revamp their procedures to prevent future breaches. Afterwards, all existing business procedures should be revamped with the new protection strategy.
3. Report - The process of identifying and rectifying the incident should be compiled into a comprehensive report. Then, the company should report any breached banking information to the client and the client’s bank. 

The Verified First PCI DSS Process:

We utilize the PCI DSS process to continually scan for threats and strengthen any vulnerabilities. If we identify a weak spot or detect a security threat, a client’s information remains secure, and we alert their bank of the occurrence. 

Penetration Test

What It Is:

A penetration test, also known as a pen test, is a safe way a company can evaluate the strength of their security efforts by uncovering vulnerabilities. It measures how vulnerable a system could be to outside threats and notifies IT of the weak points. This information serves to better a company’s efforts in securing their online data.

How It Works:

This process is performed using manual or automated technologies that work to identify potential threats for servers, web applications, and other applications or infrastructure. Pen testers can then determine any potential exploits and make recommendations for security related improvements. If a vulnerability is identified, a tester makes a remediation recommendation for the IT team to fix.

The Verified First Security Penetration Process:

Verified First routinely performs application and infrastructure penetration testing on our applications to locate and then remediate any vulnerabilities. By proactively remediating any potential vulnerabilities, our IT professionals keep your data safe.

In Conclusion: Security Features Your Screening Provider Should Offer

Ask your background screening provider about the security features they offer, and if you don’t have one, ask prospective vendors if they utilize MFA, PCI DSS, and penetration tests. Verified First uses these three methods of securing your data along with other measures. Our services and the services of our vendors and partners align with best in class security certifications, standards, and controls. Our layered approach to application security ensures the confidentiality, integrity, and availability of customer data and our applications. In short, we’re always prepared for any threat to your online information.