At the end of 2018, Nacha (previously, NACHA or National Automated Clearing House Association) updated the Data Security Rule to have bank account numbers rendered unreadable when stored electronically for large senders of Automated Clearing House (ACH) transactions.
PeopleSoft FSCM has delivered a new FSCM Encryption application to allow for the encryption and masking of bank account numbers when not in use. The application allows administrators to decide the encryption algorithm utilizing the PeopleTools Encryption Technology. Roles can be assigned to allow who can see the data unmasked in the system.
Role-based Viewing of Encrypted and Unencrypted Data
Most users in your organization will not have the capability to view a fully displayed bank account number. However, there are some roles in the organization who will need to see the fully unencrypted bank account numbers for maintenance and updates. Please note this Role and associated permissions should be carefully assigned to a few key individuals who need the capability to maintain sensitive information.
An example of how the bank account will be displayed to an individual without the role and permissions allowing the option to view an unencrypted bank account number.
The Payables Options Page for a User Without Permission to View Unencrypted Data
You will notice the Bank Account Number is masked on the Supplier’s Payables Options page but shows the last 4 digits of the bank account number. Because they do not have the proper Role and Permission, the button to unmask the account is not available to them.
However, the display differs when a User with the proper Role and Permissions accesses the same page.
The Payables Options Page for a User with Permission to View Unencrypted Data
The user with the proper Role and Permission can click the “Unmask” button and view the full Bank Account.
PeopleSoft Financials and Supply Chain modules delivered functionality to encrypt sensitive data in the PeopleSoft records. Changes were made to how bank account numbers are viewed and updated. You will find this data masking of bank accounts in the following modules:
We recommend reviewing how many ACH transactions your organization sends in a year across all PeopleSoft applications. Create a plan of implementation based on the volume in your participating modules even though you may fall under the transaction counts for ACH transactions. It is still a good practice to consider implementing this encryption for enhanced data security.