Secure File Sharing for Financial Services

Financial services file sharing all over the world runs on Cerberus FTP Server.

Cerberus FTP Server Admin Audit Trail

“After our first year, our CEO said it was the best value software that we’d ever bought because of the load it handled. Every other software we installed had problems.”

CTO, UK-Based Financial Services Provider

Cerberus FTP Server Version 11 Logging Tools

PCI DSS Compliance Tools

A complete suite of encryption, access monitoring and auditing tools to ensure your data transfers comply with PCI data security standards.

FIPS 140-2 Data Encryption

Government-certified encryption for cardholder data transmission and other financial file sharing.

Log All Data Processing

Full visibility into all cardholder data access, with configurable alerts and policies.

Fine-Grained System Access Controls

AD & LDAP security group integration, with client certificate validation and granular admin logging.

Data Policy Support

Automatically comply with file retention policies, deletion requirements and more when sharing financial files.

Cerberus FTP Server Automated File Transfer Event Manager Icon

Event-Driven Actions

Set actions, alerts and transfers based on business rules.

Folder Monitor

Automatically set deletion policies.

Cerberus FTP Server Event Manager for FTP Automation
Cerberus FTP Server IP Allow Deny Settings

Complete Protection Against Intrusion

Cerberus FTP Server provides intelligent access security for financial services file sharing. 

IP Autobanning

Allow or deny IP addresses based on business rules, active security events, or requesting country.

Cerberus User SSH Public Key Authentication Configuration

User & Client Authentication

Verify clients against user credentials with public key and two-factor authentication.

Regulations Governing Secure File Sharing for Financial Services

This section outlines Cerberus FTP Server’s core areas of support for financial services file sharing and data transfer compliance according to U.S. and E.U. regulation and the Payment Card Industry (PCI)’s Security Standards Council requirements.

PCI Data Security Standard (PCI DSS) Compliance

PCI DSS is comprised of 12 high-level industry mandated requirements that apply to any bank, merchant, service provider or vendor that issues payment cards or processes payments via these cards. The standards are global, and required for those who issue or accept cards that use the Visa, Mastercard, American Express, Discover, or JCB networks. This page provides high-level information on specific requirements that apply to card payment-related file transfer.

4. Encrypt transmission of cardholder data across open, public networks

How Cerberus FTP Server Can Help

Cerberus’s Professional and Enterprise editions provide the most robust file transfer encryption methods (including FIPS 140-2 encryption) and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to support your environment. You can compare editions at this link.

10. Track and monitor all access to network resources and cardholder data

How Cerberus FTP Server Can Help

Our logging feature combined with the Event Manager feature in Cerberus’s Enterprise edition gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.

8. Identify and authenticate access to system components

How Cerberus FTP Server Can Help

Cerberus FTP Server’s Professional and Enterprise editions support using Active Directory and LDAP security groups for access as well as client certificate validation.

The European Data Protection Supervisor (EDPS)

Working under the GDPR’s larger rubric, the EDPS has provided data security guidelines for financial services companies operating in the EU.

Evaluate and Justify an Appropriate Retention Period

The EDPS requires that companies keep personal data for no longer than necessary and encourage strict systematic deletion.

How Cerberus FTP Server Can Help

Cerberus’s Folder Monitor feature allows administrators to create robust file management policies.

Consider Appropriate Data Security Measures

Step 9 of the EDPS guidance states that data security methods should “respect professional secrecy and should prohibit the disclosure of confidential information.”

How Cerberus FTP Server Can Help

  • Our logging feature combined with the Event Manager feature gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.
  • Cerberus also offers Active Directory or LDAP integration to help manage security user groups, and provides advanced reports of all administrator actions

United States Regulations for File Transfer in Financial Services

In the United States, a number of governing bodies regulate financial services data transfer:

This page covers the high-level requirements of these national laws affecting financial services file transfer. Several states, notably New York and California, have also enacted financial services-specific regulations that affect data security as well.

FTC Safeguards Rule

The FTC enforces the federal requirement for financial services companies to protect “nonpublic personal information” (NPI), which is any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service. The security of NPI data is governed by what is known as the Safeguard Rule, which requires financial institutions to regularly assess their data security risk and take steps to minimize that risk.

How Cerberus Can Help

Cerberus FTP Server offers a number of tools and features to help data security professionals ensure the security of their transfers. These tools include:

NACHA Data Security Compliance

NACHA enforces data security for all US-based organizations that process electronic funds transfers through the Automated Clearing House (ACH). NACHA requires that its members utilize a commercially reasonable standard of encryption technology when transmitting any banking information via an unsecured electronic network. NACHA also requires each ACH Operator to provided detailed transactional information regarding file receipt and processing.

How Cerberus FTP Server Can Help



FFIEC Rule I.C.13(b): Electronic Transmission of Information

This rule requires that any electronic transmission of information by a financial services institution should enact appropriate controls in order to restrict the type of information that can be transmitted and encrypt the information when it does so. The rule specifically suggests, but does not require, SFTP transfer.

How Cerberus FTP Server Can Help

Cerberus FTP Server Professional and Enterprise editions offer SFTP transfer via SSH2 with robust, customizable encryption methods in order to comply with the FFIEC’s data transfer requirements.

Have questions about using Cerberus for financial services file sharing?