Electronic FUnds Transfer Complaincy 2475



  • Ok, a little bit of a weird situation here but my manager just got off the phone with the bank and following a discussion on SAS-70 requirments and the implementation of EFT, we were told that EFT’s do not fall under PCI DSS compliancy. My question is, what compliancy regulates EFT, because we were informed by the bank that it is not PCI DSS and they did not know what compliancy it falls under. I know, retarded, but could anyone point me in the right direction.
    THanks again for the help
    JL



  • Depends what you mean by EFT. In a Point of Sales sense (EFTPOS) I would have thought that PCI DSS would be applicable.
    If you’re talking about wire transfers, inter-banks transfers, etc then you get into a whole different landscape. Unfortunately I don’t know the North American banking environment too well as it’s very different to Europe.



  • I believe it is for EFTPOS, and we were thinking the same thing, that it would fall under PCI DSS, but when we asked the bank, they said they believed it didnt fall under that specific compliancy. That is what threw us off a bit.
    Thanks for the pointers, i will look into PCI DSS definition a bit more, maybe they briefly mention it and i just do not recall seeing anything about EFTPOS.
    JL



  • OK, as far as I can see PCI DSS (physical security) does apply to EFTPOS and there is an additional standard - PCI PED - for PIN Entry Devices.


Log in to reply