Keeping ACH Data Secure

April 27, 2015
Data security is an important topic for any business, but it is of particular importance to businesses that use electronic transactions through ACH (Automated Clearing House).

Recently, NACHA, the electronic payment association, updated ACH rules covering data security. As an ACH Originator, you are responsible for complying with the ACH Security Requirements. Following the security recommendations below will help ensure your business is meeting the requirements and protect your business from fraud.

Ensure ACH data is collected, stored, transmitted, and destroyed in a secure manner

  • Establish a security information or privacy policy and procedure that includes ACH activities

Store protected information in a secure manner

  • Paper documents should be shredded
  • Electronic documents should be erased or wiped
  • Lock sensitive paper documents in cabinets or drawers
  • Secure all devices such as desktops, laptops, mobile devices, etc. Utilize up-to-date anti-virus, anti-malware/spyware, or encryption software

Utilize effective passwords and protect electronic documents with passwords; encrypt or mask data when possible

  • Never use default passwords – always change vendor supplied passwords
  • Use strong passwords or a password phrase that is unique to each user
  • Do not share passwords with co-workers
  • Change passwords frequently
  • Use password-activated screen savers
  • Safeguard passwords

Block potential intruders

  • Restrict use of computers to business purposes only
  • Protect your IT system – anti-virus/spyware software, firewalls
  • Limit or disable unnecessary workstation ports, services, or devices
  • Utilize automatic log-outs after a certain amount of inactivity
  • Encrypt all data when moved and stored
  • Install updates as soon as they are published
  • Log off computer or device when not in use

Restrict access

  • Limit the number of locations where protected information is stored
  • Review and limit employee access to protected information, including server rooms
  • Take precautions when mailing protected information
  • Do not store protected information on portable devices
  • Transmit protected information over the internet in a secure session
  • Establish an Internet Acceptable Usage Policy

Educate staff

  • Keep protected information safe and secure at all times
  • Mask protected information in communications, such as phone calls, emails and regular mail
  • Make staff aware of security policy
  • Make staff aware of phishing scams, via email or phone calls
  • Notify staff immediately of potential security breaches
  • Establish a Clean Desk Policy