To meet industry payment compliance, you must select a solution provider with the highest degree of security and soundness when providing electronic payment services to your community.

• We meet and exceed industry standards and maintain close monitoring of industry changes.
• Our data center and customer relations staff understand compliance, regulations, and regulatory requirements.
• We understand regulations like the Gramm-Leach-Bliley act and integrate regulatory requirements into our daily operations.
• We provide the highest level of state-of-the-art compliance, security, and support.
• Our secure data center is certified each year to be a Level I PCI/DSS compliant service provider, the highest available rating in the industry.
• A comprehensive FFIEC audit is conducted on a regular basis by government regulators.
• In addition to required internal audit responsibilities, our data center undergoes annual third-party audits such as the SSAE-16 SOC1 Type II audit, IT Security audit, Risk Assessment audit and Financial audit, to name a few.
• EFS performs annual reviews of NACHA rule changes, financial regulatory changes, and other areas in order to meet compliance requirements.
• We support your audit, compliance, and reporting needs.
• Financial institution’s clients receive all third-party and internal audits annually, allowing the institution to fulfill its regulatory compliance requirements.

Processing ACH payments, accepting check images, audit reporting and other functions related to a comprehensive electronic payment program brings a certain amount of managed risk.

• Our data center and payment network has undergone a series of Risk Assessment reviews; however, we don’t stop there. Our Risk Assessment and Project Review and Approve Committees continually review and analyze risk exposure and risk impact and develop risk controls and risk monitoring solutions.
• Risk policies and procedures are recommended and reviewed by the Risk Assessment Committee, with oversight from the board of directors.
• Third-party risk assessment and IT security auditing firms perform annual reviews of the company’s payment network to ensure risk threats have been analyzed and sufficient risk controls have been established.
• Risk limits have been established to limit transaction exposure, including per-transaction, per-batch, per-file, per-day, 48-hour, 10-day, 30-day, 60-day and more.
• By implementing multi-level system access, dual posting authentication, automatic batch suspension, duplicate batch warning, duplicate check notice, real-time notification and many more controls, reducing risk exposure is easy.
• You are in control. You may restrict any system feature that can be used by your customer.