BreachExchange mailing list archives
Re: Banking and state regulations regarding the transmission of banking routing/account information
From: "Al" <macwheel99 () wowway com>
Date: Thu, 16 Apr 2009 23:44:30 -0500
As a general rule, I would say you should NOT send ANY banking info via the Internet per se. Rather you should be using a system like VPN, which comes with encryption & passwords.

To ask what the rules are for sending the info via Internet, is like asking what the rules are for painting your credit card info on the side of your building, or on your forehead, for everyone to see. There are no such rules, because no one is supposed to be doing that.

Start with PCI contract if you are handling credit card information on any customers. Your company should have a contract with the bank. Here are the regulations imposed by PCI.

Build and Maintain a Secure Network Compliance
- Requirement 1: Install and maintain a firewall configuration to protect data.
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
- Requirement 3: Protect stored data.
- Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update AV.
- Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
- Requirement 7: Restrict access to data by business need-to-know.
- Requirement 8: Assign a unique ID to each person with computer access.
- Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data.
- Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security.

Each bank and credit card company adds its own additional regulations to the PCI standards. You need to check the contracts you have with them.

Here are web sites with info regarding some of the legal ramifications, and what your goals should be. We can add more links like this.

- http://pcianswers.com/2009/01/21/what-pci-compliance-really-means/
- http://infoseccompliance.blogspot.com/2008/02/legal-implications-risks-and-problems.html
- http://infoseccompliance.com/2009/04/02/who-is-minding-the-legal-risk-around-pci/
- http://www.pcicomplianceguide.org/iso-acquirer-20080930-legal-rights-pci-compliance.php

The laws vary by state and nation. You are covered by whatever laws for your location, your bank's location, locations of any customers or vendors whose banking info is in the transmissions.

- Al Mac

_____
From: dataloss-bounces () datalossdb org [mailto:dataloss-bounces () datalossdb org] On Behalf Of fzbrick
Sent: Thursday, April 16, 2009 3:02 PM
To: dataloss () datalossdb org
Subject: [Dataloss] Banking and state regulations regarding the transmission of banking routing/account information

Hi,

Is anyone aware of written regulations regarding how bank routing and account information should be transmitted over the internet? Intuitively, it needs to be encrypted, however what seems clear to others isn't to others. I need a banking regulation, federal law, or banking requirement that says "Bank Routing and Account information shall be encrypted".

Sorry, I am dealing with difficult people, who will not believe me, and need it spelled out to them in near comic book form.

Thanks