Bank Info Security

Fidelity National Information Services

Federal regulators are urging banking institutions to pay more attention  to vendor management in light of recent breaches, such as one that  compromised core processor Fidelity National Information Services, better  known as FIS.  During a recent Community Bankers Advisory Committee meeting in  Washington, D.C., examiners from the Federal Deposit Insurance Corp.  stressed the obligations banks and credit unions have to ensure that the  vendors they use maintain adequate levels of security.  Regulators regularly examine certain vendors to ensure that sensitive  information is sufficiently protected through the use of encryption and  other technologies. The vendors include those that have contracts with  banks for core banking services or that provide services covered under the  Bank Service Act.  The institutions that use those companies’ products and services should  request reports on those examinations and follow up to ensure security  mandates are being met, regulators say. Due diligence is the  responsibility of the institution, not the examiner.  […]
In 2004, prior to the merger which created FIS, FIS had acquired the rights to Profile, their main banking application, by acquiring Sanchez Computer Associates, Inc. of Malvern Pennsylvania. Sanchez Computer Associates, Inc. of Malvern Pennsylvania.
On July 3, 2007, Certegy Check Services, part of FNIS, announced that a worker at one of its subsidiaries stole 2.3 million consumer records containing credit card, bank account and other personal information. This estimate was later increased to 8.5 million consumer records. The next month, a law firm filed for a class-action lawsuit against CCS and parent company FNIS based on the privacy breach; the firm claims that, since CCS provides check-verification services to many major U.S. stores, “consumers do not choose to use the services of these companies but rather are forced to do so”