MVR Security Standards

MVR Check Security

In an age when security breaches seem to become an increasingly common occurrence, MVRcheck’s security standards remain second to none. MVRcheck is diligent in maintaining the most rigorous security practices, including the strategic use of honeypots: programming decoys designed to lead hackers down the wrong rabbit hole. As they attempt to hack bogus data and systems, the system tracks their activity to expose hacking tactics and strategies. This allows IT professionals to improve system security without compromising the integrity of their systems and data.

MVRcheck provides the most comprehensive driver screening platforms in the industry. Our cloud-based software systems provide companies and insurance agencies with tools to perform extensive driver screening and verifications. Because our software connects directly to sensitive consumer information, security must be the first priority.

The MVRcheck security framework consists largely of the following checklist of tactics to prevent, secure, and protect its systems and consumer data. This list is one of the more comprehensive security checklists in the industry, and rivals that of any technology provider. Our system infrastructure is powered by Amazon Cloud. An advantage of the AWS cloud is that it allows us to scale and innovate while maintaining a secure environment. Cloud security at AWS is the highest priority.

☑️ Application Servers Imaged Daily

If a server that houses data fails the first barrier of security, we replace it within a matter of hours. There is no downtime; replacements are immediate without loss of data or impact to the customer.

☑️ Honeypots / Deception Technologies

We use deception technologies and traps to proactively detect and fight potential intrusions, and use the collected data to study and enhance our security systems.

☑️ Intelligent Threat Detection and Remediation

We not only stay abreast of security best practices and trends; we proactively work to find ways to keep our network and data safe. Utilizing services that analyze billions of events, from clicks, log-ins, and browsing activity, we effectively identify and block malicious activity.

☑️ Reputation Lists & Shared Threat Detection

We utilize a system to block approximately 20 million known malicious IP addresses.

☑️ Security as Code

Automation means less room for error. We automate security best practices whenever possible.

☑️ PCI, SOC2, EI3PA Audits

We utilize multiple rigorous third-party audits to ensure best practices are being followed.

☑️ Daily Releases

We use an agile release model, continuously releasing updates to ensure current software. We move and breathe updates.

☑️ Center for Internet Security (CIS) Benchmarks

We don’t skimp when it comes to configuring application servers; we follow rigorous guidelines to safeguard our systems.

☑️ Strong Data Encryption

To keep data secure, we use industry-grade encryption. Sensitive data in motion or transit is encrypted using HTTPS and TLS 1.2. Sensitive data at rest (e.g. data stored in a database) is encrypted using AES-256 (the highest level of security possible). Encryption keys are fully managed using a Key Management Service (KMS). In addition, applicants’ personal information (DOB, SSN and DL number) is redacted on the MVR Report.

☑️ Strong Hashing

Not your hash(brown) breakfast! Rather, a rigorous algorithm that is used for cryptographic functions and increased security.

☑️ MFA

We enforce Multi-Factor Authentication (MFA) internally whenever possible. Users are required to authenticate using a code sent via email, SMS, etc.

☑️ Account Passwords

Passwords must be 12 characters long, include at least 1 letter, 1 number and 1 special character (!@#$%), and cannot repeat any of the previous four passwords.

☑️ Penetration Testing

We employ simulated cyber attack testing by third parties on a recurring basis.

☑️ Peer Review

All code is peer reviewed for security and best practices.

☑️ Static Code Analysis

We automatically scan for vulnerabilities and best practices as an added layer for quality and secure code.

☑️ Security Training

Our development team consists of highly skilled, creative, and innovative individuals. Every team member is also required to take secure coding training on a recurring basis. We work to stay ahead of security developments. All of our employees attend security training annually, from our Customer Service Representatives to our CEO, and everyone is Fair Credit Reporting Act (FCRA) Basic certified.


Software Security

Enterprise grade application framework
High security protocols & encryption (128/256 bit SSL/TLS)
Encrypting data in motion and at rest
Audit logging
Routine security scans and penetration testing
Disaster recovery procedures and protocols
Client controlled access (Multi-Factor Authentication)
Real time alerts of potential malicious behavior
IP logging for all log in attempts and orders
Tri-level password protection
Active analysis of network traffic
24/7/365 system monitoring

Hardware Security

Redundant systems & backups
Mirrored Data Center
Multiple security checkpoints
Enterprise firewall protection
Enterprise anti-virus software
Intrusion detection
Redundant UPS systems and diesel generators
Diverse upstream Internet Service Providers
Closed-circuit television cameras
Automated suppression systems
24/7/365 electronic and physical security

Security Partners

Amazon Cloud WebServices
Authorize.net
PCI DSS Compliant 
CloudFlare

Certifications

We start with continuous PCI and EI3PA certification assessments from an independent third party, Sword and Shield Enterprise Security. We then enlist the help of security expert Qualys to continuously monitor our security and compliance landscape across our entire platform.

Third-party security certification
Staff training
Security oriented policies and procedures
Real-time data replication, both locally and off-site/out-of-region
Multi-factor authentication is a de facto industry standard and accepted best practice for login security.

AICPA’s trust service principles related to the following areas:

✔ Security: MVRcheck is protected against unauthorized access, through sufficient firewalls, multi-factor authentication, intrusion detection, and more.

✔ Availability: The system is consistently available for operation and use, with more than 99.95% uptime and continuous performance monitoring.

✔ Confidentiality: Confidential information stays that way through encryption, access controls and permissions, firewalls, and internal information policies and procedures.