Implementation of Increased Security and Data Control Policies by Debt Settlement Companies Would Result in Greater Adoption by ARM Companies

  • Email
  • Print
  • Printing Articles

    1. Click here to print!
    2. ...or print directly from your browser by choosing File > Print... from the menu or by pressing [Ctrl + P]. Our printer-friendly stylesheet will make sure extraneous website stuff isn't printed.
    3. You're done!

    Close this message.

  • Comments
  • RSS

Teresa Dodson

It’s difficult to avoid the media attention given to the importance of data security and the protection of consumer information. And given the damage that can occur (see, for instance, this story on the Global Payments Breach of over 10 million credit and debit card account numbers), and the potential financial losses incurred by all parties, maybe that’s a good thing.

The ARM industry has long been aware of the requirements placed on it by regulators to safeguard consumer data, and over the years the industry has taken great strides to improve its practices to safeguard consumer information. Many firms have now made significant investments in security and compliance, and more and more firms are adding compliance officers to their teams to ensure they stay current with the myriad changing regulations at the federal and state levels (see the story on “Compliance Officers: Necessary or a Luxury?”).

One of the strongest drivers of these comprehensive data security practices were the card issuers who were placing accounts with collection agencies and sharing NPPI data with debt buyers during the course of the negotiation of a sale. ARM industry participants who have recently endured the onboarding process and subsequent security audit from a card issuer understand how serious these organizations view data security in this environment of increased regulatory scrutiny.

ARM companies today must operate under a number of different compliance certifications such as PCI- DSS 2.0, SSAE 16 SOC 1 and SOC2 (the new SAS 70) and/or ISO 17799. While the cost and implementation of these policies and standards requires a significant investment by companies, the risk of a data breach or regulatory action against a company would be far more costly and the reputational damage can be long lasting and severely impact the ongoing operations of a company caught on the wrong side of an enforcement action.

In a recent survey published by insideARM.com (“Debt Settlement Survey: How Creditors and Collectors Utilize the Debt Settlement Industry to Increase Collections”) inside ARM.com found that roughly 50% of respondents stated that they now work with debt settlement companies as a way to increase their collections. When asked the reasons why firms chose not to work with debt settlement companies, over 29% reported security, compliance, and legal concerns as chief reasons for not working with the industry. It’s not surprising that a high percentage of respondents shared this concern at a time when agencies and buyers are operating under a heightened state of scrutiny in these areas. More interesting was the fact that over half of those who indicated they don’t work with debt settlement companies today, said they would change their minds and employ debt settlement as a strategy if provided a secure, PCI-complaint, aggregated platform through which they could settle accounts with debt settlement companies.

Reasons Provided for not Working with Debt Settlement Companies

Reason

Percent

Settlement Percentages too low

16%

Legal concerns about dealing with third parties

15%

Security/Compliance Concerns

14%

Industry Perceived as not reputable

13%

Prohibited by agency agreement with creditor

10%

Limited resources to dedicate to this channel

8%

Break rates too high

5%

Too hard to locate and manage multiple debt settlement providers

5%

Not enough knowledge of the industry to make this channel effective

4%

Other

10%

This underscores the perception by the ARM industry that debt settlement companies need to do more to change the way creditors and collectors perceive this industry and they way its managing sensitive consumer data. The Debt Settlement Industry associations should take the lead in this area, much like the ACA International and DBA International have done in the ARM industry, in providing operational guidelines, resources for education and training and adopting “Best Practices” of operations as it relates to compliance and security. Doing so could lead to a greater adoption of the debt settlement industry by collectors and creditors resulting in more recoveries for creditors, agencies and buyers, more revenue via settlements for debt settlement companies and greater relief for the consumer as a result of resolving their outstanding accounts.

Continuing the Discussion

We welcome and encourage readers to comment and engage in substantive exchanges over topics on insideARM.com. Users must always follow our Terms of Use. Also know that your comment will be deleted if you: use profanity, engage in any kind of hate speech, post an incoherent or irrelevant thought, make a point of targeting anyone, or do anything else we find unsavory. Your comment will be posted under your current Display Name, shown below. If you'd like to change your Display Name, you must update it on the My Profile page.

Leave a Reply