CHECKISSUING PAYMENT SECURITY SYSTEMS
CheckIssuing Positive Pay
One of the most important tools available in preventing check fraud is Positive Pay. Positive Pay is an automated check matching service that helps stop most all counterfeit and altered checks. When the bank receives a check, also gets its check issue file. This information contains the account and check numbers, issue date, dollar amount, and any other details included. Then when a check is presented to the bank and does not have a “match” in the file, it can be checked out immediately and held aside until confirmed by you or the payee. This service is vital to keeping fraud as low as possible for all parties. Whether you are seeking to send out ten payments or 10,000 payments, your business will surely value the simple, straightforward and secure process CheckIssuing offers for efficiently and securely issuing checks.
CheckIssuing utilizes SAFEChecks, some of the most secure business checks printed in the world. Designed by Frank Abagnale with 12 safety features, the check is nearly impossible to replicate or to alter without fraud leaving physical evidence. Fully compatible with today’s Check 21 environment (bank imaging), the distinct appearance and combination leave virtually no room for error or check fraud. SAFEChecks are printed on true-watermarked security paper and are never sold blank without first being customized for and by each customer. For your protection, CheckIssuing is proud to represent SAFEChecks as our secure check service. Security features include:
- Controlled Paper Stock
- Fourdrinier Watermark
- Thermochromatic Ink
- Toner Anchorage
- Explicit Warning Bands
- Copy Void Pantograph
- Chemical Sensitivity
- Chemical Wash Detection Box
- Sequenced Inventory Control Numbers
- Laid Lines
- Visible Fibers
- Fluorescent Fibers
- Payee Area Protection
- “Do Not Negotiate” on Back Panel
- Security Features Listed on Back of Check
Whether professional or personal, your essential items deserve full confidentiality in a security envelope. Regular white standard envelopes are thin, and the contents can sometimes be viewed just by holding it up to a bright light. Without even evidence of tampering, your valuable information can easily slip into the wrong hands. Patterns printed on the inside of security envelopes protect both you and the recipient from unwanted viewing. The pattern either develops a tint that makes it difficult to see through the envelopes exterior or that distorts text contained in the contents making it illegible. Here at CheckIssuing, we believe it is better to be safe than sorry when handling physical mail of high importance. Some of the most common scenarios in which security envelopes include:
- Bank or tax statements
- Legal processing
- Mailed checks
- Health documents
- Very personal correspondence
- Offers that contain sensitive information
- Anything with a social security number or account number printed in the contents
OFAC and Anti-Money Laundering (AML) Controls
In the world of digital economies, the risk of money laundering and fraud are at an all-time high. Cyber-criminals use remittance services as a means to mask illegal trade and transactions. As a business grows, so do hackers, and they aren’t always easily distinguished nor country-specific. The Patriot Act requires all persons and companies doing business in the US to comply with Office of Foreign Assets Control (OFAC) regulations. Organizations who knowingly or negligently disregard checking with AML blacklists before making payments to individuals can face with legal action through the US Department of Treasury. Because of the fast-changing nature of global and intelligence activities, CheckIssuing believes that an entirely digital process for AML is essential to reducing the illegal payment risk.
OFAC is a part of the US Treasury Department that administers economic and trade sanctions based on U.S. foreign policy. OFAC distributes a database on Specially Designated Nationals (SDNs) which includes individuals and countries (e.g. Syria, Iran, etc.) that are sanctioned from participating in U.S. commerce. All Parties in the US or in non-sanctioned countries, sometimes have known money launderers. In the United Kingdom, the Consolidated List of Financial Sanctions Targets is an SDN-equivalent list. Because the US SDN list incorporates the United Nations list and the UK’s Consolidated List includes the EU list, the use of both provide virtual global coverage.
U.S. law requires all accounts of an OFAC-specified country or individual be blocked when such property is located in the United States or comes into the possession of U.S. individuals. For example, if there is an OFAC-designated party to the transaction, and the funds come from overseas, routed through a U.S. bank to an overseas bank, it must be blocked. The definition of assets is vast and is specifically defined within each sanction program. Assets and property includes anything of direct, indirect, present, future, or contingent value (including all types of bank transactions). Financial Institutions must block transactions that:
- Are by or on behalf of a blocked individual or entity
- Are to or go through a blocked entity; or
- Are in connection with a transaction in which a blocked individual or entity has an interest.
CheckIssuing uses specialized compliance software in order to help reduce both OFAC and AML risks and blocks and notifies clients of suspicious transactions.
Checkissuings systems are audited yearly to ensure compliance with SOC II standards with regard to the 5 key sections below:
- Security: The system is protected, both logically and physically, against unauthorized access.
- Availability: The system is available for operation and use as committed or agreed to.
- Processing Integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information that is designated “confidential” is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the privacy principles put forth by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
SOC 2 requires a written statement of assertion and a description of one’s “system”. The written statement of assertion is required by management of the service organization, along with a description of one’s “system”. Of interest is that the historical SAS 70 auditing standard required a description of “controls”, which is generally perceived to be not as comprehensive or detailed as that of the description of a “system” for SOC 2 compliance (and SOC 1).
Just like SOC 1, SOC 2 reports come in two forms. Type I reports concern policies and procedures that were placed in operation at a specific moment in time. Type II reports, on the other hand, concern policies and procedures over a period of at least – systems must be evaluated for a minimum of six months. This generally makes SOC 2 type II reports more comprehensive and useful than type I reports when considering a possible service provider’s credentials.
A company that has achieved SOC 2 type II certification has therefore proven that its system is designed to keep its clients’ sensitive data secure. When it comes to working with the cloud and related IT services, such performance and reliability is absolutely essential and increasing required by regulators, examiners and auditors.