Federal regulators are urging banking institutions to pay more attention to vendor management in light of recent breaches, such as one that compromised core processor Fidelity National Information Services, better known as FIS. During a recent Community Bankers Advisory Committee meeting in Washington, D.C., examiners from the Federal Deposit Insurance Corp. stressed the obligations banks and credit unions have to ensure that the vendors they use maintain adequate levels of security. Regulators regularly examine certain vendors to ensure that sensitive information is sufficiently protected through the use of encryption and other technologies. The vendors include those that have contracts with banks for core banking services or that provide services covered under the Bank Service Act. The institutions that use those companies’ products and services should request reports on those examinations and follow up to ensure security mandates are being met, regulators say. Due diligence is the responsibility of the institution, not the examiner. […]
In 2004, prior to the merger that created FIS, FIS had acquired the rights to Profile, its main banking application, by acquiring Sanchez Computer Associates, Inc. of Malvern, Pennsylvania.
On July 3, 2007, Certegy Check Services, part of FNIS, announced that a worker at one of its subsidiaries stole 2.3 million consumer records containing credit card, bank account and other personal information. This estimate was later increased to 8.5 million consumer records. The next month, a law firm filed a class-action lawsuit against CCS and parent company FNIS based on the privacy breach; the firm claims that, since CCS provides check-verification services to many major U.S. stores, “consumers do not choose to use the services of these companies but rather are forced to do so.”