/* ---- Google Analytics Code Below */

Friday, July 09, 2021

Data Security for Payment Processing

A space I worked in for a while.  There is a lot of security that is required.  

Data Security Rules Instituted for U.S. Payment Processing System  By ZDNet  July 9, 2021

New data security rules governing the payment system that facilitates direct deposits and direct payments for nearly all U.S. bank and credit union accounts are now in effect.

The National Automated Clearinghouse Association (NACHA) stipulates that an account number used for any Automated Clearinghouse (ACH) payment must be rendered indecipherable while stored electronically.

This mandate is applicable to any facility where account numbers related to ACH entries are stored.

NACHA has instructed ACH originators and third parties that process over 6 million ACH transactions annually to render deposit account data unreadable when stored electronically, recommending measures that include encryption, truncation, tokenization, and destruction.

The regulator said access controls like passwords are unacceptable, but disk encryption is permitted, provided additional and prescribed physical safeguards are implemented.

in ZDNet  ... 


No comments: