Compliance is Key in Collections Payment Processing

Compliance in Collections Payment Processing

Data breaches and compliance issues can be the end of a collections business. After all, you are entrusted with a lot of sensitive information. That is why you can’t afford to be lax on your compliance and security.

Adhering to best practices for security and compliance offers protection from attacks and data breaches. You need a safe and reliable way to stay up to date with the latest compliance and security available; that’s where BillingTree comes in.

Collections Payment Processing: Simplifying Compliance

It may seem overwhelming to keep up with compliance in the ARM/collections space. There are always new regulations, additional ways hackers can access systems, and updated compliance rules to learn.

In the interest of simplifying this complex topic, here is a quick overview of the top compliance areas that every payment platform needs to have.

PCI-DSS: This is the most well-known compliance standard, and it was created to enact controls around how companies handle cardholder data to decrease credit card fraud. Give some bonus points to your payment provider if they are Level 1 certified because that means they have successfully processed more than 6 million Mastercard or Visa transactions annually.

NACHA: Formerly the National Automated Clearing House Association, this organization has created rules and standards around ACH or eChecks, where a consumer uses a checking account to remit payments either online, via IVR, or through a phone-assisted process with a live agent.

SSAE 18: Sometimes called the Statement on Standards for Attestation Engagements (SSAE) 18, SOC 1 compliance focuses on an organization’s controls around financial statements and encompasses an audit related to these financials. SOC 2 covers a company’s controls related to operations and compliance, and more specifically, its security, availability, processing integrity, confidentiality, and privacy. This is the most up-to-date and comprehensive version of this compliance area.

HIPAA: If you operate in the healthcare industry, HIPAA is not optional; it is a requirement. Simply put, HIPAA handles the privacy and portability of consumers’ personal healthcare information and ensures security for personally identifiable information, including payment information. There have been recent breaches in the medical industry, so compliance is critical.


Now you know the basics of areas you must master to minimize the chances of a breach. The great news is that BillingTree can help you stay compliant because we have an entire compliance department dedicated to helping you reduce the risk and lower your chances of a breach. In addition, at BillingTree, there are several Accredited ACH Professionals (AAPs) on staff, for an extra level of confidence and trust.

The one thing you will find working with BillingTree is that we anticipate your needs and can help you when pitching to the Fortune 500. We exist to grow your business, and we can do that by documenting our comprehensive compliance efforts and demonstrating our security controls.

We recommend you take the next step by requesting a processing compliance review. We’ll provide a complimentary evaluation of your current environment and uncover some opportunities to fill any gaps in your payment acceptance process. Get started today.
