New York CyberSecurity State of Mind

By Jason Hart
November 2, 2018
in Featured Content, Fraud & Security, Industry Opinions, Personal Data, Security

The conversation around data protection is heating up as governments start to think more strategically and globally about information security and breaches. It’s increasingly clear that we need standardized cybersecurity regulations and more intense enforcement to track criminals across borders. In the wake of tough new regulatory frameworks adopted by the European Union and California, the U.S. Commerce Department is seeking comments on how to set nationwide data privacy rules.

Since 2013, data breaches have compromised more than 14 billion records containing personal information, according to the Breach Level Index. As a result, data security has become a top priority for institutions and businesses, especially financial services companies that handle a lot of sensitive data. While much of the conversation has centered around GDPR and the California law, the New York state cybersecurity requirements for financial services companies, known as 23 NYCRR Part 500, will have a major impact on businesses and the future of security practices.

As a top global financial hub, New York is leading the way to fight the ever-increasing number of cyber-attacks. In today’s world of interconnected financial networks, it’s no longer a question of whether the breach is going to happen but when. The Department of Financial Services’ landmark regulation addresses this issue by requiring all financial institutions to have a strict and comprehensive cybersecurity policy in place, ensuring people can rely on these entities to protect and secure their sensitive data.

While 23 NYCRR Part 500 was passed in 2017, its implementation, similar to the European data privacy laws, includes multiple deadlines. The latest round came into effect this September and focuses on the encryption of non-public information – considered by many security experts as the biggest and most important part of the regulation. So, what does it mean for financial institutions and how can they prepare for it?

Let’s dive deeper into the definitions. The requirements cover individuals or non-governmental entities such as partnerships, corporations and associations, including banks, check cashing companies, health insurers, life insurers, mortgage brokers, and property and casualty companies. All of these organizations work with non-public information, defined as any sensitive information, including personal financial data, social security numbers, account numbers, and security codes and passwords. The encryption requirement of this law means that data should be encoded in such a way that only authorized parties can access it. Importantly, encryption itself does not prevent breaches, but it renders the data unintelligible to anyone without the decoding key.

Financial services companies operate in a dynamic environment where data quickly expands in volume and constantly moves across virtual, cloud and on-premise ecosystems. This setting makes it particularly challenging for them to ensure compliance and encrypt sensitive information. That’s why organizations need to take a data-centric approach to secure confidentiality and integrity of data throughout its lifecycle and through the multiple layers of its traversal.

This is based on a comprehensive two-tier approach that revolves around the core encryption principles: encrypting and tokenizing the data, and securely storing and managing the cryptographic keys in a centralized manner. Since encryption is only as strong as its key management counterpart, organizations must use centralized key management and policy enforcement to improve compliance, governance, visibility and efficiency. Without owning the keys, financial services companies won’t really own their data.

In order to safeguard sensitive information and guard it against advanced threats, companies must also place security controls on the users accessing this data. This means having mechanisms in place to continuously verify identities in order to ensure the right user has access to the right resource at the right level of trust through strong access management tools that combine single sign-on, access policy enforcement and multi-factor authentication.

New York state regulations, which include policies around encryption, access controls and audit trails, set an important benchmark for all states to protect both institutions and consumers. While many of the current compliance regulations are outdated and don’t reflect the needs of the threat landscape, 23 NYCRR 500 actually addresses real issues the industry is struggling with. In order to respond effectively to ever-increasing cybersecurity risks of our globalized world and ensure cybersecurity policy meets the standards of the new requirements, financial institutions must review their encryption procedures, access privileges, and authentication approach.

The final round of compliance deadlines for 23 NYCRR 500 is March 1, 2019. By that date financial institutions will be required to implement third-party service provider security policies and ensure compliance with all parts of the regulation.

Tags: Compliance and Regulation, Cybersecurity, Personal Data
