December 05, 2018

Questions on truncating account numbers? NAFCU Compliance Blog has answers

complianceIn the wake of historic data breaches, NAFCU has received questions from member credit unions on the regulatory requirements related to truncating account numbers on periodic statements in order to protect members' financial information. NAFCU's Reginald Watson explains requirements for doing so under Regulation E in a new NAFCU Compliance Blog post.

"Surprisingly, there is not a lot of federal regulatory guidance with respect to the truncation of account numbers on statements and notices given to members," writes Watson. "Section 1005.9(a)(4) of Regulation E allows credit unions to truncate account numbers on receipts available at electronic terminals, such as ATMs."

Watson, NAFCU's regulatory compliance counsel, goes on to explain that the Federal Reserve in the preamble of Regulation E sought to "protect consumers and financial institutions against fraudulent withdrawals" by allowing account numbers to be truncated on ATM receipts. However, Watson says that the regulation seems to require credit unions to disclose the entire account number on a periodic statement.

"In this modern age where the risk of cybersecurity theft competes with the manual fraud risk of a stolen ATM receipt, it seems that protecting the member's personal information on an electronically available periodic statement is just as important," Watson argues.

Read the full post and access additional resources on the issue here.