Nacha's Payments Innovation Alliance, a membership program bringing together diverse global stakeholders seeking to transform the payments industry, has published the Security Incident Response Procedure Guide for Companies. This free tool provides procedures and actions to take when a company reasonably suspects a security incident or breach involving personal or other proprietary data has occurred.

The Guide is a helpful tool for evaluating suspected incidents or breaches. It aids personnel in determining whether to trigger notifications to customers, individuals, regulators, credit card brands, the media, and/or consumer reporting agencies. It is particularly useful for companies assessing risk on a case-by-case basis, as it allows for careful consideration of the specific circumstances surrounding the risks and data involved in an incident. Companies may have additional contractual obligations if the incident or breach involves its customer data.

“Time is of the essence when responding to a suspected incident or breach. The types of data lost or stolen, the extent of the data loss and the governing federal and state laws are key considerations for a company’s response”, said Matt Luzadder, Managing Partner, Chicago Office, Kelley Drye & Warren LLP, and co-leader of the Alliance’s Cybersecurity & Payments AI Project Team. “The Security Incident Response Procedure Guide for Companies provides suggested actions to help companies plan, triage and respond to cyber incidents quickly to minimize the potential harm to the company, its customers or clients and business partners. Planning for potential incidents is key and the Guide can serve as a starting point for security discussions within an organization. All organizations are different, so it should be customized in consultation with information technology, compliance and legal advisors and tailored to fit an organization’s structure and industry.”

Companies are responsible for protecting customer data and mitigating incidents and breaches. “Companies should have comprehensive disaster recovery and incident response plans in place, conduct periodic employee training and testing, audit and review their systems appropriately and employ threat detection and response technologies”, said Luzadder. “The Security Incident Response Procedure Guide for Companies can serve as an important resource in developing these risk-reduction strategies and couples well with other Payments Innovation Alliance resources, such as the Tabletop Exercise released late last year.”  

The Payments Innovation Alliance’s Cybersecurity & Payments AI Project Team develops tools and resources to help organizations understand evolving threats related to potential cyberattacks and learn about the potential impact of artificial intelligence on the world of payments. To download the Guide, learn more about initiatives or join the Payments Innovation Alliance, visit https://www.nacha.org/cybersecurity-response-project-team.

About Nacha

Nacha governs the thriving ACH Network, the payment system that drives safe, smart, and fast Direct Deposits and Direct Payments with the capability to reach all U.S. bank and credit union accounts. There were 31.5 billion ACH Network payments made in 2023, valued at $80.1 trillion. Through problem-solving and consensus-building among diverse payment industry stakeholders, Nacha advances innovation and interoperability in the payments system. Nacha develops rules and standards, provides industry solutions, and delivers education, accreditation, and advisory services.