Understanding Bank Account Encryption
The National Automated Clearing House Association (NACHA) sets data security requirements for originators to protect Direct Deposit Bank Account Numbers used in the initiation of Automated Clearing House (ACH) entries by rendering them unreadable when stored electronically. To comply with these rules you must perform a small amount of setup. It is also important to understand how PeopleSoft encrypts, decrypts, and masks bank account numbers.
Part of the NACHA requirements indicate that you must have a secure transmission when sending or receiving bank account information. PeopleSoft is not responsible for this. You must work with your financial institution to guarantee secure transmissions.
Note: This feature requires PeopleTools 8.57.15 or above.
PeopleSoft FSCM has many products that store and send bank account numbers.
These products include:
Accounts Payables
Accounts Receivables
Billing
Cash & Treasury
eBill Payments
eSettlements
Expenses
Financial Gateway
Global Components
Inventory
Supplier Lifecycle Management
Bank account numbers are masked to 16 characters regardless of the original length. The first two digits of a masked bank account number is a system-assigned prefix and the last four digits are displayed.
This example illustrates how the system creates the 16-character bank account number:
Prefix |
Mask characters |
Last four characters of bank account number |
---|---|---|
00 |
XXXXXXXXXX |
2134 |
Masking Logic for the External Accounts Page
Note: This masking logic applies only to the External Accounts Page. For all other pages, the masked bank account number always has a prefix of "00".
If the last four digits of two bank account numbers are the same, a two-digit prefix is assigned sequentially. For example, if the last four digits of two bank account numbers are the same, the system assigns "00" as the prefix for the first bank account number, and assigns "01" as the prefix for the second bank account number.
This example illustrates the generic masking for bank account numbers. Two bank account numbers (lines 2 and 3) have the same last four digits. Notice that the Mask Value appears to be the same:
Line |
Bank ID |
Account Number |
Mask Value |
---|---|---|---|
1 |
123456 |
1284366237 |
XXXXXX6237 |
2 |
123456 |
1107395556 |
XXXXXX5556 |
3 |
123456 |
1268375556 |
XXXXXX5556 |
4 |
1212 |
436712 |
XX6712 |
5 |
15875 |
81933 |
X1933 |
This example illustrates the same two account numbers (lines 2 and 3) have the same last four digits. Notice that the Mask Value appears different due to the prefix added and all masked bank account numbers are 16 characters in length:
Line |
Bank ID |
Account Number |
Mask Value |
---|---|---|---|
1 |
123456 |
1284366237 |
00XXXXXXXXXX6237 |
2 |
123456 |
1107395556 |
00XXXXXXXXXX5556 |
3 |
123456 |
1268375556 |
01XXXXXXXXXX5556 |
4 |
1212 |
436712 |
00XXXXXXXXXX6712 |
5 |
15875 |
81933 |
00XXXXXXXXXX1933 |
The two-digit prefix is always displayed at the beginning of a masked bank account number. The system assigns "00" to the first occurrence. When a bank account number is entered into the system and the last four-digits are a duplicate of another bank account number, the system assigns "01" as the prefix. If a third bank account number is entered with the same last four digits, the system assigns "02" as the prefix, and so on.
International Bank Account Number
When the encryption process runs the IBAN ID is also masked in all tables with the last four digits unmasked. There is no prefix logic for IBAN numbers.
If you previously used the Page and Field Configurator Masking Page to mask the bank account number field, remove the row from the Configure Fields for Masking section.
If you don't remove the bank account number from this section, when you select the "Unmask" button on an FSCM page, the bank account number changes to the value selected in the Mask Character field (all X's or all *'s).