Click2Gov is an online billing vendor that is used by many local government websites, including those in California, Texas, Arizona, Florida and Wisconsin. As with many such payment processing applications, the only time you see their name in headlines is when something has gone wrong.

And it has.

Breaches have been reported in multiple locations this year, from Oxnard, California to Wellington Florida. In each case, customers paying a utility bill through the city’s website were later informed of a data breach.

The search for answers is now underway. Superion, the company that supplies the Click2Gov software, has been offering patches and additional security controls, with varying results.

According to one assessment, there may be anywhere from 600 to 6,000 installations of Click2Gov, many of them older versions that are more subject to potential issues.

Obviously, the choice of a payment processing system for a municipal website is a critical one. Millions of Americans pay their water bills and other utility bills online every day though local government websites, and they expect their personal and credit card data to be protected.

While it is easy to condemn a competitor when there is a major breach like this, the truth is that no technology is inherently safe. From Facebook to Target, from Verizon to Experian, large companies with large amounts of data get hacked. And when they do, the information of their users gets sold or damaged. For cities where vendors expose citizen information, the damage in reputation and trust is especially critical, because people share so much information with the government.

The solution isn’t, in our opinion, to just change vendors and hope it won’t happen again. It likely will. The solution is to find a vendor that starts from the mindset that a breach can happen, and works backwards to minimize both the possibility and the damage.

At 360Civic, data security is at the forefront of everything we do. Your security is only as reliable as the proficiency of the vendor that created your website, as well as any third-party organizations such as an online billing vendors with access to your network (partners, hosts). When outsourcing is necessary it should be preceded by careful vetting. For our municipal clients, we use a payment-processing vendor that is equally focused on data protection. This is how our system is different.

Your credit card vendor is more vulnerable to attack if your website is vulnerable. Your website is more vulnerable if your hosting partner is not following best security practices. At 360, we understand this, so we build our websites with security as a first priority. We host our own solutions, we have a Chief Information and Security Office on staff, and we work with a credit card processing partner that not only provides exceptional rates for credit card processing, but teams with us to make the end-to-end system as secure as possible. We even share training duties to keep city, state and federal government agencies following best practices internally.

Additionally, we adhere to the mantra “collect as little information as you absolutely need.” We don’t aggregate information (adding social security numbers from one file, for example, to payment information on another). By minimizing how we collect information, we can minimize the scope of any attack.

Finally, we prepare for attacks. From looking for suspicious activity and patterns to having a communication plan in place before anything happens, we prepare our clients so they are nimble and ready to address issues head on. After all, the first and most serious casualty in most government breaches is the trust of its citizens.

If you don’t feel that your organization is protected in this way, maybe we can help. Whether you need a turnkey website solution, or wish to change payment processing vendors, contact 360Civic and let’s talk.

Learn more about our online security services

Ron Zayas

CEO

Ron Zayas is an online privacy expert, speaker, author, and CEO of 360Civic, a provider of online protection to law enforcement, judicial officers, and social workers. For more insight into onli... Read more

Stay up to date with online privacy best practices and news

Signup for our free IronWall360 newsletter