BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Banking and state regulations regarding the transmission of banking routing/account information

From: JAMES RITCHIE <james_ritchie () sbcglobal net>
Date: Fri, 17 Apr 2009 10:41:08 -0700 (PDT)
Standardization has come to the financial sector.  The Safety and Soundness review is based off of the following 
guidance. 

http://www.ffiec.gov/ffiecinfobase/html_pages/it_01.html

FDIC banks, NCUA, Savings and loans, and other now all follow the guidance above and have for the last couple of years. 
 

 James Ritchie
CISA, CISSP, PCI-QSA, MCSE, MCP+I, M-CIW-D, CIW-CI, Inet+, Network+, A+
http://www.linkedin.com/pub/1/b89/433
Bristol CT  06010




________________________________
From: Pia Sachs-Donerkiel <sachs () NEFCU com>
To: "dataloss () datalossdb org" <dataloss () datalossdb org>
Sent: Friday, April 17, 2009 9:56:04 AM
Subject: Re: [Dataloss] Banking and state regulations regarding the transmission of banking routing/account information

 
Well, it’s not Banking Reg, but I am sure FDIC has something similar to BCUA:
 
 Credit Union member  information security requirements, for federal credit unions, is spelled out in section 748 of 
NCUA’s Rules and Regulations.
 
Section iii  Development and implementation of member information security program; part C ;Manage and control risk  
paragraph (c) of part 748 states:
Each Credit Union shall employ encryption of electronic member information, including while in transit or in storage on 
networks or systems to which unauthorized individuals may have access.
 
 
Pia Sachs-Donerkiel
Payment Services Supervisor
New England Federal Credit Union
802-879-8773
802-764-6589 Fax
From:dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of fzbrick
Sent: Thursday, April 16, 2009 4:02 PM
To: dataloss () datalossdb org
Subject: [Dataloss] Banking and state regulations regarding the transmission of banking routing/account information
 
Hi,

Is anyone aware of written regulations regarding how bank routing and account information should be transmitted over 
the internet?

Intuitively, it needs to be encrypted, however what seems clear to others isn't to others.  I need a banking 
regulation, federal law, or banking requirement that says

"Bank Routing and Account information shall be encrypted".

Sorry, I am dealing with difficult people, who will not believe me, and need it spelled out to them in near comic book 
form.

Thanks


________________________________
 Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential & privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please contact sender by reply email & destroy all 
copies of the original message. To protect your privacy, we have removed personal and account information (such as 
member number, etc.) from the email being returned to you, and we advise you not to include confidential information if 
you respond to this email.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss
Previous By Date Next
Previous By Thread Next

Current thread: