By their very nature, EPS rely heavily on technology. Extensive reviews of a credit union’s information technology capabilities are conducted by information security and technology subject matter examiners.
As part of a review of a credit union’s electronic payments systems, examiners may assess:
- The security of employees’ user names, passwords, and other means of authentication
- Access to the various payment system networks (how are security tokens stored when they are not in use?)
- Whether or not the credit union has taken measures to protect its information security
- Whether or not the credit union has established and tested its disaster recovery plans, and
- The credit union’s disposal of old security tokens used to access EPS
Data Processing
A credit union’s information security and technology department or a contracted third party may transmit ACH files and other transactional data files to and from the Federal Reserve or a corporate credit union. This department may administer the security of all EPS and member data and set up system users (credit union employees) as requested by management. A credit union may also choose to have their data processing system automatically transmit files in lieu of the IS&T department.
Last updated September 25, 2017
