Secure File Sharing for Financial Services
Financial services file sharing all over the world runs on Cerberus FTP Server Enterprise Edition.
“After our first year, our CEO said it was the best value software that we’d ever bought because of the load it handled. Every other software we installed had problems.”
PCI DSS Compliance Tools
A complete suite of encryption, access monitoring and auditing tools to ensure your data transfers comply with PCI data security standards.
FIPS 140-2 Data Encryption
Government-certified encryption for cardholder data transmission and other financial file sharing.
Log All Data Processing
Full visibility into all cardholder data access, with configurable alerts and policies.
Fine-Grained System Access Controls
AD & LDAP security group integration, with client certificate validation and granular admin logging.
Data Policy Support
Automatically comply with file retention policies, deletion requirements and more when sharing financial files.
Event-Driven Actions
Set actions, alerts and transfers based on business rules.
Folder Monitor
Automatically set deletion policies.
Complete Protection Against Intrusion
Cerberus FTP Server provides intelligent access security for financial services file sharing.
IP Autobanning
Allow or deny IP addresses based on business rules, active security events, or requesting country.
User & Client Authentication
Verify clients against user credentials with public key and two-factor authentication.
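The intrusion-protection features above (autobanning on security events, authentication checks) boil down to detection logic run over authentication events. The following is an added example written for this page, not Cerberus's own code or log format: it applies a sliding-window failed-login threshold to constructed sample log lines (hypothetical "timestamp ip result user" format) and returns the addresses a server would autoban, honouring an allowlist so that trusted partner hosts are never locked out.

```python
"""Threshold-based IP autoban over authentication log lines (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical "timestamp ip result user" format;
# this is NOT Cerberus FTP Server's actual log format.
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.7 FAIL alice
2024-03-01T10:00:03 203.0.113.7 FAIL alice
2024-03-01T10:00:05 203.0.113.7 FAIL alice
2024-03-01T10:00:06 203.0.113.7 FAIL alice
2024-03-01T10:00:08 203.0.113.7 FAIL alice
2024-03-01T10:00:09 198.51.100.4 FAIL bob
2024-03-01T10:00:15 198.51.100.4 OK bob
2024-03-01T10:05:00 192.0.2.9 FAIL carol
2024-03-01T10:15:00 192.0.2.9 FAIL carol
2024-03-01T10:25:00 192.0.2.9 FAIL carol
2024-03-01T10:35:00 192.0.2.9 FAIL carol
2024-03-01T10:45:00 192.0.2.9 FAIL carol
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, result, user)."""
    ts, ip, result, user = line.split()
    return datetime.fromisoformat(ts), ip, result, user


def find_ips_to_ban(log_text, max_failures=5, window=timedelta(minutes=10),
                    allowlist=frozenset()):
    """Return {ip: ban_time} for every IP that reaches `max_failures` failed
    logins inside any sliding window of length `window`.

    A successful login clears that IP's failure history (usual lockout
    semantics), and addresses on the allowlist are never banned.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, ip, result, _user = parse_line(raw)
        if ip in allowlist or ip in banned:
            continue
        if result == "OK":
            failures[ip].clear()
            continue
        recent = failures[ip]
        recent.append(ts)
        # Drop failures that fell out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= max_failures:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in find_ips_to_ban(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

With the sample data, 203.0.113.7 is banned after its fifth failure in seven seconds, while 192.0.2.9 is not: its five failures are spread ten minutes apart, so at most two ever sit inside the ten-minute window. Widening the window (or lowering the threshold) is the trade-off between catching slow, patient guessing and locking out legitimate users who mistype a password.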
Regulations Governing Secure File Sharing for Financial Services
This section outlines Cerberus FTP Server’s core areas of support for financial services file sharing and data transfer compliance according to U.S. and E.U. regulation and the Payment Card Industry (PCI)’s Security Standards Council requirements.
PCI Data Security Standard (PCI DSS) Compliance
PCI DSS comprises 12 high-level, industry-mandated requirements that apply to any bank, merchant, service provider or vendor that issues payment cards or processes payments via these cards. The standards are global, and required for those who issue or accept cards that use the Visa, Mastercard, American Express, Discover, or JCB networks. This page provides high-level information on the specific requirements that apply to card payment-related file transfer.
4. Encrypt transmission of cardholder data across open, public networks
How Cerberus FTP Server Can Help
Cerberus’s Professional and Enterprise editions provide the most robust file transfer encryption methods (including FIPS 140-2 encryption) and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to support your environment. You can compare editions at this link.
10. Track and monitor all access to network resources and cardholder data
How Cerberus FTP Server Can Help
Our logging feature combined with the Event Manager feature in Cerberus’s Enterprise edition gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.
8. Identify and authenticate access to system components
How Cerberus FTP Server Can Help
Cerberus FTP Server’s Professional and Enterprise editions support using Active Directory and LDAP security groups for access as well as client certificate validation.
The European Data Protection Supervisor (EDPS)
Working under the GDPR’s larger rubric, the EDPS has provided data security guidelines for financial services companies operating in the EU.
Evaluate and Justify an Appropriate Retention Period
The EDPS requires that companies keep personal data for no longer than necessary and encourages strict, systematic deletion.
How Cerberus FTP Server Can Help
Cerberus’s Folder Monitor feature allows administrators to create robust file management policies.
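A retention policy of the kind the EDPS guidance calls for is, in practice, a scheduled sweep that deletes files past their retention period and leaves an audit record of every decision. The following is an added example written for this page, not Cerberus's Folder Monitor or any of its configuration: it sweeps a directory tree, deletes files whose modification time is older than a retention period, skips files carrying a hypothetical legal-hold suffix (`.hold`), supports a dry run, and returns the audit records. The sample tree it builds is constructed data.

```python
"""Retention-period sweep with an audit trail (added example, not Cerberus code)."""
import os
import tempfile
import time
from datetime import timedelta
from pathlib import Path


def apply_retention(root, max_age, now=None, dry_run=True, hold_suffixes=(".hold",)):
    """Delete files under `root` whose mtime is older than `max_age`.

    Returns a list of (action, relative_path, age_days) audit records.
    Files with a hold suffix (hypothetical legal-hold marker) are reported
    but never deleted; files inside the retention period are left alone.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age.total_seconds()
    records = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        mtime = path.stat().st_mtime
        if mtime > cutoff:
            continue  # still within the retention period
        age_days = round((now - mtime) / 86400)
        rel = str(path.relative_to(root))
        if path.suffix in hold_suffixes:
            records.append(("SKIP_HOLD", rel, age_days))
            continue
        if not dry_run:
            path.unlink()
        records.append(("WOULD_DELETE" if dry_run else "DELETE", rel, age_days))
    return records


def build_sample_tree(root, now):
    """Constructed sample data: three files with different ages (in days)."""
    samples = {
        "statements/jan.csv": 400,          # past a 365-day retention period
        "statements/recent.csv": 10,        # well inside it
        "statements/litigation.hold": 900,  # old, but under legal hold
    }
    for rel, age_days in samples.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample content")
        mtime = now - age_days * 86400
        os.utime(p, (mtime, mtime))


def demo(dry_run=False):
    """Build the sample tree in a temp dir, run a 365-day policy, and return
    (audit_records, files_remaining) so the outcome can be checked."""
    now = 1_700_000_000  # fixed reference time so results are deterministic
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, now)
        records = apply_retention(root, timedelta(days=365), now=now, dry_run=dry_run)
        remaining = sorted(str(p.relative_to(root))
                           for p in Path(root).rglob("*") if p.is_file())
    return records, remaining


if __name__ == "__main__":
    for action, rel, age in demo(dry_run=True)[0]:
        print(f"{action:13} {rel} ({age} days old)")
```

Run it with `dry_run=True` first and review the audit records before letting the sweep delete anything; the records are also what an auditor will ask for when verifying that the retention period was actually enforced. Keying the policy on modification time is the simplest choice; if files are copied in a way that resets mtime, use a creation date recorded at upload instead.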
Consider Appropriate Data Security Measures
Step 9 of the EDPS guidance states that data security methods should “respect professional secrecy and should prohibit the disclosure of confidential information.”
How Cerberus FTP Server Can Help
- Our logging feature combined with the Event Manager feature in Cerberus’s Enterprise edition gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.
- Cerberus also offers Active Directory or LDAP integration to help manage security user groups, and provides advanced reports of all administrator actions.
United States Regulations for File Transfer in Financial Services
In the United States, a number of governing bodies regulate financial services data transfer.
This page covers the high-level requirements of these national laws affecting financial services file transfer. Several states, notably New York and California, have also enacted financial services-specific regulations that affect data security as well.
FTC Safeguards Rule
The FTC enforces the federal requirement for financial services companies to protect “nonpublic personal information” (NPI), which is any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service. The security of NPI data is governed by what is known as the Safeguards Rule, which requires financial institutions to regularly assess their data security risk and take steps to minimize that risk.
How Cerberus Can Help
Cerberus FTP Server offers a number of tools and features to help data security professionals ensure the security of their transfers. These tools include:
- Detailed file server auditing and reporting with Cerberus FTP Server Enterprise Edition’s Report Manager
- Fine-tuned file access via Active Directory and LDAP security groups
- Extensive logging to provide audits of every user and file activity.
NACHA Data Security Compliance
NACHA enforces data security for all US-based organizations that process electronic funds transfers through the Automated Clearing House (ACH). NACHA requires that its members utilize a commercially reasonable standard of encryption technology when transmitting any banking information via an unsecured electronic network. NACHA also requires each ACH Operator to provide detailed transactional information regarding file receipt and processing.
How Cerberus FTP Server Can Help
- Encrypted File Transfer: Cerberus’s Professional and Enterprise editions provide our strongest data transfer encryption (including FIPS 140-2).
- File Transfer Integrity and Reporting: Our SFTP feature provides robust data on file and transfer integrity, although you may wish to contact our pre-sales support team with questions about your specific requirements.
FFIEC
FFIEC Rule I.C.13(b): Electronic Transmission of Information
This rule requires that any electronic transmission of information by a financial services institution be subject to appropriate controls that restrict the type of information that can be transmitted and encrypt that information in transit. The rule specifically suggests, but does not require, SFTP transfer.
How Cerberus FTP Server Can Help
Cerberus FTP Server Professional and Enterprise editions offer SFTP transfer via SSH2 with robust, customizable encryption methods in order to comply with the FFIEC’s data transfer requirements.