NACHA is requesting comment from corporate end-users on new approaches for additional account information security.
As part of an effort to adapt to the today’s changing payments environment, NACHA is revisiting its data security rules and practices. The ACH network operator’s operating rules were last modified in 2013 to establish an ACH Security Framework.
NACHA has introduced new account security requirements to further protect ACH-related information held by originators and third parties. ACH Network participants are encouraged to review the proposed rules and add comments via an online survey.
NACHA is seeking feedback on the following proposals:
- A supplement to the ACH Security Framework that would require large ACH originators and third parties to encrypt, mask or remove/replace ACH-related account information that is held at rest
- Defining an ACH “Compromise Notification Entry” by which an originating depository financial institution (ODFI)/originator could notify a receiving depository financial institution (RDFI) that specific account information has been compromised
- Allowing RDFIs to use the existing Notification of Change process to provide originators with substitute account information.
Comments and responses are due by Friday, August 4, 2017. Find more information here.