Secure File Transfer Solutions for Financial Services

Financial services companies all over the world rely on Cerberus FTP Server’s rock-solid security and reliability to support critical file transfer security. 

“After our first year, our CEO said it was the best value software that we’d ever bought because of the load it handled. Every other software we installed had problems.”

CTO, UK-Based Financial Services Provider

Regulations Governing Secure File Transfer for Financial Services

This section outlines Cerberus FTP Server’s core areas of support for financial services data transfer compliance under U.S. and E.U. regulation and the requirements of the Payment Card Industry (PCI) Security Standards Council.

PCI Data Security Standard (PCI DSS) Compliance

PCI DSS comprises 12 high-level, industry-mandated requirements that apply to any bank, merchant, service provider or vendor that issues payment cards or processes payments via these cards. The standards are global and are required for those who issue or accept cards that use the Visa, Mastercard, American Express, Discover, or JCB networks. This page provides high-level information on specific requirements that apply to card payment-related file transfer.

4. Encrypt transmission of cardholder data across open, public networks

How Cerberus FTP Server Can Help

Cerberus’s Professional and Enterprise editions provide the most robust file transfer encryption methods (including FIPS 140-2 encryption) and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to support your environment. You can compare editions at this link.

10. Track and monitor all access to network resources and cardholder data

How Cerberus FTP Server Can Help

Our logging feature combined with the Event Manager feature in Cerberus’s Enterprise edition gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.

8. Identify and authenticate access to system components

How Cerberus FTP Server Can Help

Cerberus FTP Server’s Professional and Enterprise editions support using Active Directory and LDAP security groups for access as well as client certificate validation.

The European Data Protection Supervisor (EDPS)

Working under the GDPR’s larger rubric, the EDPS has provided data security guidelines for financial services companies operating in the EU.

Evaluate and Justify an Appropriate Retention Period

The EDPS requires that companies keep personal data for no longer than necessary and encourages strict, systematic deletion.

How Cerberus FTP Server Can Help

Cerberus’s Folder Monitor feature allows administrators to create robust file management policies.

Consider Appropriate Data Security Measures

Step 9 of the EDPS guidance states that data security methods should “respect professional secrecy and should prohibit the disclosure of confidential information.”

How Cerberus FTP Server Can Help

  • Our logging feature combined with the Event Manager feature in Cerberus’s Enterprise edition gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.
  • Cerberus also offers Active Directory or LDAP integration to help manage security user groups, and provides advanced reports of all administrator actions.

United States Regulations for File Transfer in Financial Services

In the United States, a number of governing bodies regulate financial services data transfer:

This page covers the high-level requirements of these national laws. Several states, notably New York and California, have also enacted financial services-specific regulations that affect data security.

FTC Safeguards Rule

The FTC enforces the federal requirement for financial services companies to protect “nonpublic personal information” (NPI), which is any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service. The security of NPI data is governed by what is known as the Safeguards Rule, which requires financial institutions to regularly assess their data security risk and take steps to minimize that risk.

How Cerberus Can Help

Cerberus FTP Server offers a number of tools and features to help data security professionals ensure the security of their transfers. These tools include:

NACHA Data Security Compliance

NACHA enforces data security for all US-based organizations that process electronic funds transfers through the Automated Clearing House (ACH). NACHA requires that its members utilize a commercially reasonable standard of encryption technology when transmitting any banking information via an unsecured electronic network. NACHA also requires each ACH Operator to provide detailed transactional information regarding file receipt and processing.

How Cerberus FTP Server Can Help

 

FFIEC

FFIEC Rule I.C.13(b): Electronic Transmission of Information

This rule requires a financial services institution to enact appropriate controls on any electronic transmission of information, in order to restrict the type of information that can be transmitted and to encrypt the information when it is transmitted. The rule specifically suggests, but does not require, SFTP transfer.

How Cerberus FTP Server Can Help

Cerberus FTP Server Professional and Enterprise editions offer SFTP transfer via SSH2 with robust, customizable encryption methods in order to comply with the FFIEC’s data transfer requirements.

Have questions about using Cerberus for secure financial services file transfer?

Contact our pre-sales engineers below. 
