Compliance Scorecard: Banking & Financial Regulations

Seven key regulations that security executives in this sector need to know

Also known as the Red Flag Rule, this set of regulations requires financial institutions and creditors to develop, implement and regularly update a written identity theft prevention program that will recognize indicators (Red Flags) of possible identity theft attempts in connection with covered accounts and work to prevent and mitigate the risk of such attacks. Each covered organization is responsible for coming up with its own list of Red Flags.

Payment Card Industry (PCI) Data Security Standard

The PCI DSS was developed by the major payment card brands that make up the PCI Security Standards Council to facilitate the broad adoption of consistent payment account data security measures. It includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. Specific requirements include separation of duties, auditing of access to records, unique identities for every user, vulnerability scanning of Internet-facing systems, and identifying where all credit card data is located inside electronic systems.

The Security Executive Council is an innovative problem-solving research and services organization. We work with Tier 1 Security Leaders to reduce risk and add to corporate profitability in the process. A faculty of more than 100 experienced security executives provides strategy, insight and proven practices that cannot be found anywhere else. The Council is building the fastest-growing repository of proven resources to help you manage risk. Visit our resource page on security regulation and compliance issues: