Digital Payments
Compliance & Certifications

The right compliance strategy does three things for your business:

  1. Measures your security systems and processes, allowing you to address gaps
  2. Reduces liability and risk, mitigating vulnerabilities
  3. Maintains consumer confidence, protecting your reputation

One Inc reduces your risk exposure, simplifies your network security and compliance practices, and protects your policyholders from payment data theft.

Below, you’ll find an overview of One Inc’s payment data security compliance, along with what they mean for insurance companies.

Payment Data Security

PCI Compliance

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS applies to all companies that accept, process, store and transmit credit card information. Insurers must balance creating a frictionless payment experience while not sacrificing security.

3 Quick Facts:

What Insurers Need to Know:

  • One Inc is the highest level of certification - PCI DSS Level 1.
  • It’s possible to create a frictionless customer experience, without any payment card data traversing your network, using One Inc payment input forms.
  • Working with One Inc allows you to fully outsource card data to qualify for SAQ A – significantly reducing the time and cost to maintain PCI compliance.


NACHA (National Automated Clearing House Association) establishes operating rules for the ACH Network, governing electronic payments. Insurers that accept premiums payments and/or pay claims via ACH must ensure they and their vendors are NACHA compliant and keep-up with regular updates.

3 Quick Facts:

What Insurers Need to Know:

  • The One Inc Digital Payments Platform accepts and disburses funds via ACH for premiums and claims payments.
  • One Inc passes an annual audit of ACH processing controls and operational efficiency.
  • One Inc internal experts focus on current and future NACHA Operating Rules, studying their impact to insurers.


SOC-2 (Service Organization Controls), developed by the American Institute of Certified Public Accountants (AICPA), is a set of standards for managing customer data to protect privacy against malicious actors. With the extent of sensitive data insurance companies need to protect, their vendors must have the right oversight across their organizations.

3 Quick Facts:

  • There are 3 SOC Types based on the controls that are being examined.
  • SOC 2 covers vendor control assurance related to security, availability, processing, integrity, confidentiality and privacy.
  • There are two reports for SOC-2 – type 1 (snapshot) and type 2 (over a period).

What Insurers Need to Know:

  • SOC-2 compliant vendors prove they are taking the necessary measures to maintain privacy of you and your policyholders.
  • One Inc's Digital Payments Platform is SOC 2 Type 2 compliant, demonstrating effectiveness of controls and ability to meet security standards over a sustained period.

Payment Vehicles

Mastercard GRMP Payment Facilitator

The Mastercard GRMP Payment Facilitator Review is conducted by Mastercard’s Global Risk Management Program staff, examining the ability to manage, anticipate, and protect against fraud and other risks. Failed reviews can lead to fines up to $500k and deregistration.

One Inc passes an annual review, demonstrating effectiveness regarding fraud loss controls and other risk reduction procedures.

Mastercard Site Data Protection Compliant Service Provider

Related to PCI compliance, Mastercard requires all Level 1 Providers complete an annual onsite assessment conducted by a PCI SSC certified QSA (Quality Security Assessor) along with quarterly network scans. Failed assessments can results in fines up to $500k and revocation of Mastercard processing privileges.

One Inc is a Level 1 Mastercard Site Data Protection Compliant Service Provider, the highest level of certification.

Visa GRSP (Global Registry of Service Providers)

One Inc is listed under the Visa Global Registry of Service Providers, demonstrating One Inc as a trusted, compliant payment system investing in data security and protection of cardholder data.

Discover Global Network DISC Program

The Discover Information Security & Compliance Program helps companies promote compliance and meet PCI security standards, which helps safeguard cardholder data and limit data compromises.  Non-compliance can lead to PCI fees and significant costs related to data breaches, fraud losses and damages.

One Inc is DISC compliant, meeting the requirements of the highest level of PCI DSS certification.

American Express Compliance Program

The American Express Compliance Program validates that merchants are committed to protecting Cardholder Data and Sensitive Authentication Data. Non-compliance can lead to PCI fees, non-validation fees and termination of agreement with American Express.

One Inc is Level 1 compliant, the highest level of certification at American Express.

Wells Fargo PINLess

Wells Fargo’s PINless Compliance Assessment Program (PCAP) addresses the risk of processing debit cards without the security of a required PIN. Non-compliance can lead to fines or penalties from Wells Fargo. One Inc is compliant, passing an annual audit.

Federal Legislation

FACTA (Fair and Accurate Credit Transactions Act)

FACTA  requires companies that collect personal information to properly protect and dispose of it. Non-compliance penalties can be up to $2500 per violation. One Inc is FACTA compliant.

GLBA (Gramm-Leach-Bliley Act)

GLBA  requires financial institutions to safeguard sensitive customer data (names, addresses, bank and credit card account numbers, and more) and explain their information-sharing practices to their customers. Non-compliance can lead to fines of up to $100k for each violation or even imprisonment. One Inc is GLBA compliant.

TCPA (Telephone Consumer Protection Act)

TCPA restricts telephone solicitations and requires telemarketers to transmit caller ID information. Individuals can sue for up to $1500 for a willful violation. One Inc is TCPA compliant.

HIPPA (Health Insurance Portability and Accountability Act)

HIPPA reduces health care fraud and abuse by mandating industry-wide standards for health care information on electronic billing and other processes. It also requires the protection and confidential handling of protected health information. Non-compliance penalties can range from $100 to $50,000 per violation with a maximum penalty of $1.5M per year. One Inc is HIPPA compliant.

FinCEN BSA (Financial Crimes Enforcement Network Bank Secrecy Act)

FinCEN BSA defines precautionary actions for Money Services Businesses (MSBs) to prevent financial crimes. Criminal penalty for violating a BSA requirement is a fine of up to $500k and/or imprisonment. One Inc is FinCEN BSA compliant.

Learn more about how One Inc can help your company with security compliance. Get in Touch

The Big Three Problems in Insurance Payments


Retention & Persistency

Payments are the most frequent and important interaction with policyholders. Learn how to reduce the pain and keep customers longer.


Processing Costs

Processing fees, network security resources, PCI compliance, and reconciling. The cost of taking payments is a sizable portion of admin expenses. Learn how to reduce them.


Security & Compliance

Reduce risk, ease compliance, and increase the safety of customer data while reducing costs and simplifying the customer experience. It is suprisingly easy.