Technology seems to change like the weather. And with it, the challenge of keeping our data secure. Much like the dangers of being exposed to the elements in severe weather, our data can be exposed to a multitude of cyber threats.

At the same time, we want to provide a client experience that is only full of sunshine. A client experience that gives them what they want at the click of a button. Cybersecurity is often at odds with that goal, requiring additional clicks in the process. But without those added clicks, data can be compromised, and the storm clouds come rolling in. At the end of the day, cybersecurity IS the best customer experience.

For commercial insurance agents, it is imperative you have what you need at your fingertips to provide the best customer experience to your clients. For example, integrating your software with a premium finance partner makes the process so much quicker, easier, and more efficient. However, it is crucial to understand the data security measures any potential partner takes before you start the integration process.

Cybersecurity is a shared responsibility. The more systems we secure, the more secure we all are. It can seem excessive. Until it is not enough. At BankDirect Capital Finance, traffic has always been blocked from high-risk countries such as Russia, but the recent increased threats against financial institutions brought on by the Ukraine conflict has caused us to increase our posture against any sort of cyber-attack. We are not an international company, but security threats know no borders.
In conversation with our CIO, he had this to say about what security should look like. It may be a bit technical, but it clearly illustrates the level of responsibility agents should be looking for in a premium finance partner.

Privacy and Security – Complex Version

• The website is secured and encrypted in transit with certificates using AES SHA-256 with RSA encryption and is at TLS 1.2 or higher.
• All Virtual Machine (“VM”) disk storage (non-database) is encrypted using BitLocker which uses Advanced Encryption Standard (AES) as its encryption algorithm with configurable key lengths of 256 bits (AES SHA-265 with RSA).  This ensures all data stored on VM drives is encrypted at rest.
• All non-VM Storage is encrypted using Microsoft Managed Keys for Azure Blobs, Tables, Files and Queues.  All external storage is encrypted at rest.
• BDSecure database servers use SQL Server Transparent Data Encryption (“TDE”) at the database level. All data stored in the database is encrypted at rest. Critical information within the database, such as passwords and ACH information, are additionally encrypted at the software level. No credit card numbers are stored in BDSecure but are stored at the card processor who provide BDSecure with secure tokens to access credit card payments.
• The website is secured by a dedicated Web Application Firewall (“WAF”). All internet traffic passes through this firewall and any traffic deemed unsafe is blocked before it makes it to the website. The blocks are logged and members of the BDSecure network team review and monitor the blocks. BDSecure completely blocks web access from countries that are deemed as a high cyber threat. This list is monitored and updated by our parent company.
• BDSecure makes use of a patch and vulnerability scanning service. Results of these scans are sent to our bank information security department.
• In addition to the traditional network login and password, BDSecure system access requires a Virtual Private Network (“VPN”) that makes use of point to site certificates that use SSL with AES SHA-256 with RSA. Security keys are rotated every 6 months at minimum. If an employee with VPN access terminates their employment at BDCF, their certificate would be revoked. User access review is performed by our bank regularly. Access to the network is additionally secured via 2 factor authentication using an authenticator application. This, in essence, means that for any type of system access there are 3 checkpoints that must pass: userid / password, authenticator application, and VPN certificate.
• In the BDSecure environment, the Azure Key Vault is used for secret management, key management, and certificate management. Access to the key vault is limited to 3 users.
• All security policies and procedures are reviewed annually by our parent company Texas Capital Bank. Security Testing is performed by third parties’ information security firms.

Being confident when it comes to data privacy and security can seem daunting. But it comes down to three basic principles – protect, detect, and respond.



The care and consideration you put into working with quality agency partners will pay dividends in peace of mind and customer trust and loyalty.

A secure customer experience is the best customer experience.

REGISTER TODAY for our upcoming webinar:
Yes. You can create your own Premium Finance Agreement