NACHA, the US e-payments association, is calling on finance professionals to provide feedback on additional security requirements to protect ACH-related data held by end-users.

The request for information (RFI) relates to the ACH Security Framework, which sets out new data security requirements for financial institutions, end-users and third-parties to protect ACH data. All feedback must be submitted by tomorrow, Friday, 4 August 2017. To have your say, complete the online survey. NACHA said that comment letters are also welcome.

Three concepts will be assessed in the survey:

1. the RFI seeks input regarding a potential supplement to the ACH Security Framework to require that large ACH originators and third-parties encrypt, mask or remove/replace (as appropriate) ACH-related account information that is held at rest;
2. it also requests feedback on whether there is interest and benefit in defining and enabling an ACH “Compromise Notification Entry” by which an ODFI/originator could notify an RDFI that specific account information has been compromised;
3. lastly, it requests feedback on whether and how RDFIs could use the existing Notification of Change process to provide originators with substitute account information.