Collection Advisor Magazine
Login RSS
A+ A A-

Breaking News

Hunstein Decision Not Final for All Other Circuit Courts Pending Possible R…

Steel Rose

The 11th Circuit Court of Appeals is withholding issuance of the mandate in Hunstein v. Preferred Collection and Management Services, of June 14, 2021. Therefore the Hunstein Decision is not final in all other circuit courts pending all 12 of the 11th circuit judges determining if they will rehear the case...


The Bottom Line

Product Spotlight

CSS Product Spotlight

Henry Gardner

CSS, Inc., a leading provider of enterprise class accounts receivable management and financial software offers a broad portfolio of platforms & solutions. CSS enables companies to transition their legacy revenue & payment management systems to a modern, cognitive, centralized, cloud-based Financial Ecosystem®. CSS may be utilized to provide business financial...


Skip Tracing Advisor

Developing a Network of Closed Sources by Ron Brown, Skip Tr…

Ron Brown

As we begin this article it is very important that the professional tracer clearly understand what constitutes a “CLOSED SOURCE”, the value of a closed source network and the obligation due to each closed source. Definition: CLOSED SOURCE… sources of information with restricted access and information available only through mutual information...


Collection Software Roundtables

Shielding Collectors From TCPA and FDCPA Violations

Joshua Fluegel

The demands of regulators lead collection professionals to collect debt with the credo of “as little contact with the consumer as possible.” Every eliminated encounter with a consumer while the payment is still being collected is one less chance for a TCPA or FDCPA violation. For this reason many accounts...


Feature Stories

Hunstein on Rehearing – Revisiting Article III Standing in t…

Eve Cann and Jonathan Green

On April 21, 2021, the Eleventh Circuit Court of Appeals issued its decision in Richard Hunstein v. Preferred Collection and Management Services, Inc., and potentially created a new claim under the Fair Debt Collection Practices Act (FDCPA) – ruling that a debt collector's sharing of information with a vendor is a violation...


Collection Agency Advisor

The Secret to Excelling in Profit AND Performance

Gordon C. Beck III

To each their own. That’s what I keep telling myself when discussing with my competitors what their strategy is to run and operate a successful collection agency. Everyone’s outlook is different, but the same. Sure, everyone wants to be a top agency, that’s what everyone is supposed to say. But...


Legal Collection Advisor

Executive Orders Impacting Collections

Michael Starzec

No, this is not a review of the 1996 thriller starring Kurt Russell, Halle Berry and Steven Seagal but it does focus on the prestige of the word “Executive.”   At hotels and sports arenas, you want the executive suite. In Illinois, at least a 1,000 corporations integrate “executive” into their...


Collection Industry Advisor

3 Options to Offer During Tax Season

Nick Jarman

When it comes to collecting debt, tax season is without argument the most profitable season of the year. Tax season starts at the beginning of February and wraps up in early May. February generally sees the highest return and slightly tapers off each month thereafter. One issue that can ease...


Compliance Advisor

PCI Compliance, SOC, and HITRUST

Debra J. Ciskey

With the June, 2019, disclosure of a data breach at AMCA looming large in the rearview mirror, debt collectors both large and small are scrambling to verify the security of their consumer portals and their consumer information in general. With numerous vendors and auditors serving the industry in this key...


PCI Compliance, SOC, and HITRUST

  • Written by Debra J. Ciskey

ciskey debra jWith the June, 2019, disclosure of a data breach at AMCA looming large in the rearview mirror, debt collectors both large and small are scrambling to verify the security of their consumer portals and their consumer information in general. With numerous vendors and auditors serving the industry in this key area of compliance, it is helpful to understand who’s who and what they can offer industry members. This article is the first of a series profiling data security firms serving the collection industry.

A newer player in the debt collection sector despite loads of experience in other business sectors, is the Drummond Group. As a first-time participant in the recent ACA Annual Convention and EXPO in San Diego, company representative Pierre Jamet told me that the Drummond Group’s booth was abuzz with industry members seeking information about data security audits, PCI compliance, SOC, and HITRUST.

I asked Jamet what sets the Drummond Group apart from other vendors and consultants offering similar services. He described their “security first” approach, which for clients means more than merely checking the “compliant” box on a data security questionnaire. It ensures achieving best practices for security at the same time as reaching a compliant status. Being secure provides a higher level of safety than merely being compliant.

No Jerks

Jamet explained that automated audits provide peace of mind that audits are occurring on a timely basis with little impact on the workload of IT staff. Such audits help agencies maintain compliance with client requirements for regular and timely audits. The Drummond Group regularly performs PCI DSS and PA-DSS audits and any other body of work required, including on site audits, quarterly vulnerability scans and gap assessments. Applying the company’s “No Jerks” policy, which says that the company will be there for its customers, and won’t make their customers feel stupid, Jamet taught me that PA-DSS are examinations of proprietary payment applications developed internally by a company for its own use. PCI Compliance services, including assessments for level 1 and level 2 service providers or merchants, provide strategies for ongoing compliance management. Gap analysis and self-assessment questionnaire support is also available.

For the assurance of clients, many of whom have become focused recently on quality assurance, Drummond Group provides audits and SOC attestations for SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, and, once released, SOC for Supply Chains. In the collections space, SOC 2 exams meet most client requirements regarding principal service level commitments and system requirements.


Another differentiator in the marketplace is the company’s HITRUST Assessment Services. They have twice as many assessors on staff than many other providers, ensuring timely completion of projects. In fact, their approach to audits allows clients to complete multiple certifications with only one assessment engagement because the company gathers evidence once, broadly, so it is available for multiple uses. This approach also restrains costs considerably. Additionally, Drummond Group employs only U.S. based, full time and certified team members.

Knowing to whom to turn for client-required data security certifications can be a strain on debt collectors of any size. With huge concerns about data security, clients may consider this branch of compliance even more important that the consumer protection compliance issues we face under the CFPB and the pending Regulation F. In my next several articles I will profile other data security assessment and certification providers to make this process easier for readers.

Debra is the Executive Vice President at The Collections Coach, LLC. She began her nearly 40 year career in the collection industry in 1980 at ACA International in the federal affairs department, then leading the association’s Education initiatives as Director of Education. As an ACA instructor since 1983, Debra has taught nearly 200 ACA Seminars, and she served on ACA’s Board of Directors for 2 terms spanning 2012 to 2018. In 2000, Debra was inducted into ACA’s International Fellowship of Certified Collection Executives, and was named ACA’s Instructor of the Year in 2005.