BreachExchange mailing list archives

Re: Banking and state regulations regarding the transmission of banking routing/account information


From: Chris Walsh <chris () cwalsh org>
Date: Fri, 17 Apr 2009 14:32:24 -0500


Not sure what the specific use case in question is, but if this is in  
the context of an ACH transaction, then the NACHA rules require  
encryption.

From http://www.umacha.org/pdf/Update1Summary.pdf:

"Effective September 10, 2004, the NACHA Operating Rules will be
expanded to require all ACH transactions, regardless of Standard Entry
Class (SEC) Code, that involve the exchange or transmission of banking
information via Unsecured Electronic Networks to be either (1)
encrypted using a commercially reasonable security technology that, at
a minimum, is equivalent to 128-bit RC4 encryption technology, or (2)
transmitted via a secure session utilizing a commercially reasonable
security technology that provides a level of security that, at a
minimum, is equivalent to 128-bit RC4 encryption technology. Such
encryption technology must be used prior to the key-entry and through
transmission of any banking information, and it applies to the
transmission or exchange of banking information between: a Receiver
and an Originator; an Originator and an ODFI; an ODFI and an ACH
Operator; an ACH Operator and an RDFI; and an Originator, ODFI, RDFI,
or ACH Operator and a Third Party Service Provider."

HTH.

cw
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
