Q.) Do the Nacha Operating Rules dictate specific methods in which data at rest must be rendered unreadable under the Supplementing Data Security Rule?
A.) The Rules are neutral as to the methods/technologies that may be used to render data unreadable while stored at rest electronically. Encryption, truncation, tokenization, destruction, or having the financial institution store, host, or tokenize the account numbers, are among options for Originators and Third-Parties to consider, but each Originator or TPSP will need to make its own business decision in consultation with its legal counsel and technology providers.
Source: Nacha
Have a question for TCHPA? Call 800-875-2242 (choose option 3) or email education.services@theclearinghouse.org.
The information contained herein has been prepared for general informational purposes only and is not offered as and does not constitute legal advice. You should consult with your legal counsel regarding the legal, regulatory and payments industry rule requirements that apply to specific transaction scenarios.
|