A typical credit union downloads its report bundles daily from its processors. Usually, the only option is to store those highly sensitive Payment Card Industry (PCI) report bundles on a network drive, with some level of appropriate user access controls. The reports contain 16-digit card numbers, transaction-level details, and Personally Identifiable Information (PII) of credit union members. However, the network drive is not in a PCI compliant environment. Does this sound familiar? More importantly, do you know where your processor reports are being stored?
More and more board of directors and auditors are getting involved in this area of security and asking pertinent questions regarding the storage of information. Even if you do not believe that a data breach is a possibility (which is a false sense of security), this is still not the proper way to store and secure your reports.
Several tools on the market can solve this concern by extracting the reports, securely transmitting the data from the reports using File Transfer Protocol Secure (FTPS), and storing the report data in a secure environment, rather than on network drives. A side benefit of taking this action is to transform the report data into searchable data, which can be used by analysis tools.
When deciding which tool to use, here are some of the factors to consider:
continue reading »