Commonly overlooked, printers and multifunction devices play a significant role in meeting the privacy and security standards in the finance industry. One of the main security concerns in these standards is how private data is shared and transmitted; these are some questions you should ask your technology provider to ensure your machine is meeting these requirements.
But first, why do industry standards and compliance matter?
In the finance industry, the average annualized cost of cyber-related crime is higher than in any other industry. Breaches are often discovered only when audits are performed, and they frequently lead back to the technology in use as the access point. Any product used to process, store, or transmit financial data should be reviewed to ensure it has all necessary security features and does not carry any critical vulnerabilities.
Payment Card Industry Data Security Standard
One of the major security standards in finance applies to devices that process, store, or transmit credit card information. The Payment Card Industry Data Security Standard (otherwise known as PCI DSS) is what all such devices must comply with, and many companies promote this compliance as a key feature of their products.
How secure transmission of credit card data relates to MFPs
While MFPs may not seem the most obvious component in the transfer of financially sensitive information such as credit card data, they are often used in secondary stages. If someone places an order over the phone or fills out an order form, that information may then be scanned or copied through an MFP to a local or remote server. It is for instances such as this that these devices, as well as the servers involved, need to ensure their PCI DSS compliance. PCI DSS compliance standards are held to the same severity level as HIPAA (Health Insurance Portability and Accountability Act) compliance.
Other compliance standards
There are other financial industry standards that deal with the security of confidential information transmitted via a networked MFP. If you have concerns about whether or not your particular MFP meets these standards, you should reach out to your MFP provider and ask them to elaborate on whether they comply with these standards, and how they do so.
SOX (Sarbanes Oxley Act)
Requires adequate internal controls for reliable financial reporting, including longer retention of larger volumes of sensitive information from different systems, and quick and easy access to digital records.
Basel III (Basel Committee on Banking Supervision)
Includes stringent data reporting and risk management requirements.
SOC2 and SOC3 (AICPA Service Organization Control 2 and 3)
Relates to security controls associated with the accounting industry.
International evaluation standard of information security.
FFIEC (Federal Financial Institutions Examination Council, which essentially covers all financial institutions that do online banking)
The FFIEC now requires multifactor authentication (MFA), as opposed to SFA (single-factor authentication), as well as a high level of encryption for all financial transactions or OLTP (Online Transaction Processing). MFA can include biometrics such as voice ID, fingerprint or vein recognition, iris scans, etc.
If you have questions about whether or not your business's MFP is compliant with the necessary financial standards, your MFP provider should be able to review your machine's features as they pertain to those standards. Looking for a new machine, and want a consultant to go over all the options with you? The team at INNOVEX is here to help.