EFG Hits Digital Compliance and Data Security Head On with PCI DSS Certification and SSAE 18 SOC 2 Recertification - AutoSuccessOnline

Industry News

EFG Hits Digital Compliance and Data Security Head On with PCI DSS Certification and SSAE 18 SOC 2 Recertification

EFG Companies today announced a new achievement in the company’s dedication to delivering the utmost data security for its clients, partners and contract holders:

  • Certification by the Payment Card Industry Security Standards Council as PCI Data Security Standard compliant.
  • Recertification with the Service Organization Control 2 under the Statement on Standards for Attestation Engagements 18 guidelines from the American Institute of Certified Public Accountants. In 2016, EFG was the first F&I provider to achieve SSAE 16 certification.

As retail automotive companies increase their use of digital sales and technology to house personal and confidential information, data breach incidents have a direct impact on revenue. According to the nonprofit Identity Theft Resource Center, more than half of all small businesses in the US experienced at least one security or data breach in 2021, a 17 percent increase from 2020, at an average expense of $250,000 to $500,000 per incident.


“Outside of its own proprietary applications, EFG integrates with close to 25 external platform and menu providers across its seven channels of business,” said Maurice Hamilton, vice president of technology at EFG Companies. “With the amount of confidential consumer information collected in the retail automotive, home warranty and lending industries, data security is mission critical to successfully conducting business, and we aggressively pursue heightened controls and protocols each year.”  

SSAE 18 certification is the most widely recognized information security standard, demonstrating to clients and contract holders that EFG has the necessary processes in place to ensure that personal and confidential information is secure. SOC 2 reports evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy. 


PCI Data Security Standards protect payment account data for merchants, service providers and financial institutions throughout the payment lifecycle, removing the incentive for criminals to steal it. Specifically, PCI DSS contains a set of requirements based on collaboration between major card brands including American Express, Discover, Mastercard and Visa, to prevent payment data breaches and payment card fraud. Companies achieving certification deliver a higher standard of security for personal confidential information and compliance with federal, state, and local regulatory requirements. 

“The pandemic has greatly accelerated the use of digital tools, and our clients rely on EFG’s technology for everything from rating and selling products, fulfilling contracts and processing claims to managing reinsurance positions and reporting,” said John Pappanastos, president and CEO of EFG Companies. “We take our role as a business partner seriously and have taken the necessary steps to deliver the utmost data security – not only for our own data but that of our clients, partners and contract holders.”
