Internet Initiated/Mobile Entries (WEB. Debit WEB entries are used by non-consumer Originators to debit a consumer based on an authorization that is communicated, other than by an oral communication, from the Receiver to the Originator via the Internet or a Wireless Network. Originators of WEB transactions must establish commercially reasonable methods of authentication to: a. Verify the identity of the Receiver; b. Detect fraudulent transactions; c. Establish secure internet sessions; and d. Procedures to verify the validity of the receiving bank’s routing number. Originators of WEB transactions must conduct an annual data security audit to ensure that Receiver’s financial information is protected by security practices and procedures that ensure the financial information the Originator obtains from Receives is protected by commercially reasonable security practices that include adequate levels of: a. Physical security to protect against theft, tampering, or damage; c. Network security to ensure secure capture, transmission, storage, distribution and destruction of financial information. This audit requirement can be met in several ways. It can be a component of a comprehensive internal or external audit, or it can be an independent audit that uses a commercially reasonable generally accepted security compliance program. An Originator that is already conducting an audit of these practices and procedures for another area of its business is not required to have two separate audits; however, the audit should address adequate levels of data security for the Originator’s ACH operations.
Appears in 7 contracts
Samples: Master Treasury Management Services Agreement, Master Treasury Management Services Agreement, Master Treasury Management Services Agreement
