Computer and Network Operations Supporting Funds Transfer

Wholesale funds transfer systems are high risk. Therefore, management should configure hardware and software components to control access and support effective monitoring. Management should develop change management procedures to ensure the integrity of the hardware configurations and applications software. Operations personnel should have the appropriate procedures to manage critical payment systems software.

Applications should employ strong user authentication, support user entitlement (information access and function controls) administration, and provide audit trails in sufficient detail to support the analysis or investigation of specific transactions. Management should enable funds transfer activity logs and designate independent staff members to monitor the activities of operations, applications support, system administration, and security administration personnel associated with the funds transfer system.

Telecommunications systems employed for EFT can range from a dial-up connection between the institution and the payments system (e.g., FedLine) to terminal connections with institution staff and customers that transmit the institution's funds transfer system payment orders directly to Fedwire Funds Service via a CI connection. An institution's information security program should include access, authentication, and transmission controls surrounding wire room activities and all terminal connections. Access and authentication controls may consist of personal identification numbers, passwords, or other identifying keys such as account numbers, balances, or other financial data. Financial institutions should use encryption as a means of protecting data throughout the EFT system. Encrypting data during transmission scrambles the contents of message/payment orders and limits the value of the information to an interloper even if a transmission is intercepted. Nevertheless, financial institutions should monitor or prevent access to funds transfer activity by data processing personnel who have access to communications equipment and can monitor and record data flowing in clear text from encryption devices.

