Monday, June 3, 2024
Nacha's security-breach guidance an essential tool
To expand on an item posted in Quick Takes under Breaking News on Fri., May 31, 2024, Nacha, which governs the ACH network, the payment system that drives direct deposits and direct payments and reaches all U.S. bank and credit union accounts, introduced a free tool to help companies deal with security incidents and breaches.
The security incident response procedure guide for companies is the work of Nacha's Payments Innovation Alliance, a membership program that brings together a diverse group of stakeholders focused on transforming the payments industry.
The tool is available for free and provides procedures and actions a company should take when it reasonably suspects a security incident or breach involving personal or other proprietary data.
The guide can help evaluate suspected incidents or breaches on a case-by-case basis. For example, it can help in determining whether and what notifications are necessary—to customers, regulators, the card brands, the media and/or consumer reporting agencies.
Planning is the key
"Time is of the essence when responding to a suspected incident or breach," said Matt Luzadder, managing partner in the Chicago office of Kelley Drye & Warren LLP. The guide offers suggested actions to help plan for, triage and respond to cyber incidents quickly, and thus minimize potential harm to all involved.
"Planning for potential incidents is key and the guide can serve as a starting point for security discussions within an organization," Luzadder said in a statement released by Nacha. Of course, all organizations are different, so plans should be customized, working with information technology, compliance and legal experts, he added.
The onus for data protection and breach recovery is on the companies that maintain that data. "Companies should have comprehensive disaster recovery and incident response plans in place, conduct periodic employee training and testing, audit and review their systems appropriately and employ threat detection and response technologies," Luzadder said.
The guide, he noted, "can serve as an important resource in developing these risk-reduction strategies." It can also be used in concert with other Alliance resources, such as a "tabletop exercise," which it released last year.
The tabletop exercise was developed to increase organizational preparedness, response and recovery efforts related to cyberattacks and provide actionable approaches for leadership, among other things. It also establishes a framework for compliance by focusing on applicable laws, regulations and rules.