SOC 2 Certification Highlights Plumb Bill Pay’s Secure Technology Framework

We’re proud to share that Plumb Bill Pay is now SOC 2 certified. This certification reflects our ongoing commitment to data security, privacy, and operational excellence.

The SOC 2 audit was conducted by A-LIGN, the leading provider in cybersecurity compliance trusted by more than 4,000 global organizations to help mitigate cybersecurity risks.

At Plumb, our mission is to deliver exceptional service that creates financial clarity and peace of mind. Our clients trust us with their most sensitive financial information, and we take that responsibility seriously. To reinforce that trust, we voluntarily underwent a rigorous SOC 2 assessment to ensure that our security and operational controls meet the highest standards of security and compliance.

“Congratulations to Plumb Bill Pay for completing their SOC 2 audit, a widely recognized signal of trust and security,” said Steve Simmons, COO of A-LIGN. “It’s great to work with organizations like Plumb Bill Pay, who understand the value of expertise in driving an efficient audit and the importance of a high-quality final report.”

What is a SOC 2 report?

Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 examination is designed for organizations of any size, regardless of industry and scope, to ensure the personal assets of their potential and existing customers are protected. SOC 2 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures and operations have been formally reviewed.

Unlike a simple cybersecurity scan, a SOC 2 audit evaluates how a company’s internal controls are designed and operated to protect client data. It specifically reviews five trust service principles: security, availability, processing integrity, confidentiality, and privacy. This compliance confirms that Plumb Bill Pay has robust, independently verified controls in place to safeguard data—demonstrating our ongoing commitment to transparency, security, and trust.

Why SOC 2 Compliance Matters

In today’s digital environment, businesses increasingly rely on third-party providers, bringing both opportunity and heightened risk. With rising expectations around data security, SOC 2 compliance has become the gold standard for demonstrating a company’s ability to handle sensitive data responsibly and securely.

“Strong client relationships are built on trust. Achieving SOC 2 compliance is another way we show our clients that protecting their financial information is just as important to us as it is to them,” said Rob Scherer, President of Plumb.

For Plumb Bill Pay, this milestone underscores one of our core values: delivering peace of mind through trust and accountability. Our proprietary bill pay app is designed with bank-level security, layered access controls, and 24/7 real-time monitoring managed by our in-house IT team. SOC 2 certification affirms the strength and ongoing evolution of these security protocols, demonstrating our commitment to operating in a secure, compliant, and resilient environment.

This achievement also builds on the additional security layers and independent testing we’ve implemented over the years, ensuring a comprehensive and proactive approach to protecting our clients’ most sensitive financial data—so they can stay focused on what matters most.

Plumb Bill Pay’s SOC-2 Certified A-LIGN Badge

About Plumb Bill Pay

Plumb Bill Pay is a trusted provider of outsourced bill payment and financial operations services tailored for high-net-worth individuals, family offices, and their advisors. Combining secure technology with personalized support, Plumb delivers financial clarity, control, and peace of mind. For more information, visit: www.plumbbillpay.com.

About A-LIGN

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and a leading HITRUST and FedRAMP assessor. To learn more, visit a-lign.com.

Unmasking Wire Fraud: Safeguarding High Net Worth Clients with Expert Vigilance

Wire fraud. We hear about it on the news and perhaps from friends or family members who have fallen victim to it, but what exactly is it? And why do high-net-worth individuals need to be especially concerned, and more importantly, how can they be protected?

What is Wire Fraud?

At its most basic level, wire fraud is a criminal offense that involves using some form of electronic communication – like phone calls, emails, or texts – to defraud someone. And it happens more often than you might think. According to the FBI, wire-transfer fraud causes approximately $2 billion in losses annually – and this has only been increasing in recent years.

Different Types of Wire Fraud

There are different types of wire fraud perpetrated by criminals. These include activities such as:

  • Phishing: Imposters send fake emails appearing to be from legitimate entities with the goal of capturing personal or financial information.
  • Identity theft: Criminals steal someone’s social security number or bank account information.
  • Investment scams: Offers of fraudulent investment opportunities are made via email or phone, often with a promise of high returns or guaranteed profits.
  • Business email compromise: Criminals gain access to an employee’s email account and use it to transfer sensitive information or funds to themselves.

Wire Fraud and High-Net-Worth Individuals

High-net-worth individuals (HNWIs) and ultra-high-net-worth individuals (UHNWIs) can be especially vulnerable to wire fraud for a few main reasons:

  • Their extreme wealth makes them a target for criminals.
  • The average age of an HNWI living in the United States is between 70 and 74, an age group that is also widely targeted by criminals.
  • Criminals assume that these people won’t notice if funds go missing.

For these reasons, providing safe and secure financial services to high-net-worth clients is vitally important. Understanding the warning signs of a wire fraud attempt, and how to prevent one, is a key component of ensuring this protection.


Wire Fraud Red Flags

The expert accountants and executives at Plumb are highly educated in how to spot wire fraud, and they undergo monthly training sessions to ensure that they are up to date on any recent wire fraud developments.

Here are some signs that might indicate a wire fraud attempt:

  • An urgent request for funds. This is especially concerning if it comes from a client who doesn’t typically place urgent requests – but any urgent request should be verified and vetted.
  • “No verbal approval required” messaging. This is a definite red flag, especially if the client usually requires verbal approval.
  • Small changes to a known email address. For example, perhaps there’s one letter missing in a name.
  • A request to send funds to a foreign entity when the client has only ever sent funds domestically.

Our team is trained to look out for patterns, and if a pattern is altered, they pick up the phone to confirm. They are also trained to follow the pre-set guidelines and process in place – regardless of whether the amount is $100 or $1,000,000.

Best Practices for Protecting High Net Worth Clients

Some essential measures Plumb has in place to protect HNWI clients from wire fraud include:

Robust cybersecurity measures

  • Implementing robust firewalls and intrusion detection systems.
  • Regularly updating and patching software and systems.
  • Conducting security audits and risk assessments.
  • Using encrypted email and messaging platforms.
  • Requiring multi-factor authentication for sensitive transactions.

Plumb’s strict firewall requires multi-factor authentication and encryption for all wire transfer instructions. Additionally, all new wire instructions must be verbally authenticated to ensure legitimacy.

Ongoing staff education

  • Employee training on identifying and preventing wire fraud.
  • Internal controls and checks/balances among team members.

At Plumb, the training starts from the moment a new junior team member begins their job, and it continues – consistently – from there. We also send members of our team for professional development specifically focused on cybersecurity and wire fraud so that they have certifications in Wire Transfers and Fraud.

The internal controls we have in place further help to protect our clients and their assets.

We take our role as stewards of our clients seriously, and we are proud of our impressive cybersecurity measures and education.

Take the Next Step Towards Safe and Secure Financial Services: Contact us at sales@thinkplumb.com to discuss how our outsourced bill payment services can enhance accuracy, save time, simplify record-keeping, reduce stress, and fortify the security of your financial transactions. Your peace of mind is our priority.