Protecting sensitive data from cybercriminals is critical in today’s digital world. Tokens, which protect sensitive data by replacing it with non-sensitive data, are increasingly an important cybersecurity tool in card payments. However, a '90s era law prevents this tool from being used for certain non-card payments.
The travel rule, which is part of the Bank Secrecy Act, requires financial institutions involved in “covered” funds transfers to include account information in payment instructions in order to assist law enforcement investigations of money laundering and other crimes. An unintended consequence of the travel rule is that it prevents financial institutions from using tokens to protect account numbers for certain consumer and commercial payments. While the need for tokens could not have been anticipated when the travel rule went into effect, it is clear today that tokens are needed to protect account numbers in all payments.
It may be time to revisit certain laws to make sure they meet the cybersecurity requirements of the modern economy.