Why did CheckWriter Legacy Edition Support End?
Use of CheckWriter™ 7.9 and prior is no longer legal for businesses in the US due to data security laws. Most versions prior to 7.8 are also not compliant with Federal Reserve regulations or standards.
What are the specifics behind the new laws and regulations?
- Check 21 – If you have version 6.3 or prior you are not Check 21 compliant.
– This means your drafts are likely being processed manually by the bank, where the bank keys in the item, or adds a jacket or stripe at the teller.
- EPC-6 – If you have CheckWriter™ version 7.8 or prior, you won’t be RCCI or EPC-6 Compliant.
– This means you are not printing the #6 MICR symbol in codeline 44, which is now required for all items with NO SIGNATURE REQUIRED.
- PCI / DSS Compliance or equivalent for US data security laws.
– This means if you use a desktop version of CheckWriter™, or any other software that stores customer payment data, it won’t be legal to use.
–> After December 31, 2018, all 50 states, as well as the District of Columbia, Puerto Rico, and the US Virgin Islands will have enacted laws requiring notification of security breaches involving personal information such as checking account numbers. If you have a breach, you must notify the users, and include in your notice if the information was:
1. encrypted; or
If the data was unencrypted, such as the data in CheckWriter LEGACY, where data is only password protected and not encrypted, there could be other implications.
According to Cyber Security Online, the average data breach can cost a company about $1.6M. CSO states a common insurance exclusion is, “Based upon negligent computer security. [So] if a data breach happens, coverage will be denied for companies that failed to use their best efforts to install software updates or releases, or failed to apply security patches to their computer systems.”
The Federal Trade Commission has used its authority under the FTC Act to charge companies that: “Fail to protect consumer personal data, leaving such data vulnerable to cyber attacks.”
–> Even older versions of CheckWriter Legacy, like 7.8 and prior, or any version that was distributed on CD ROM or floppy disk, are not EPC-6 compliant.
The Federal Reserve EPC-6 Regulations for RCC items require that any “No Signature Required” items be identified by the number 6 symbol, directly preceding the Routing Number.
If this EPC-6 is not in place, here is the top 5 list of consequences that our customers have reported for non-compliance with this regulation:
1. Bank censure letter with 30-day compliance mandate
2. Hold funds for 10 business days for check deposit audit
3. Return item(s) stamped “Counterfeit or Unauthorized”
4. Account Closure or Account Frozen
5. Bank returns 30 days of check draft deposits as unauthorized or counterfeit
How can having my customer data online possibly be safer than having it on my own computer?
–> Amazing as it may seem, your own computer is a dangerous place for customer data. Keeping customer payment data on your personal PC or work PC, even behind a firewall and even with virus and malware protection, is now a dangerous and likely negligent act, especially if the data is not encrypted.
Encryption is not the same as password protection. With CheckWriter LEGACY, the data is stored in a database file that is password protected. This database file can be obtained and ‘unpacked’ by a hacker, exposing your customer data.
Hackers can come via email virus, spyware, through a web browser, from a remote technical support service, or they can just sit down at your machine and put the file on a flash drive if you work in an office.
Even Network and Enterprise Legacy software where the database is stored on a server is not considered secure because it is not encrypted.
–> Lastly, upon hard drive failure on a local machine or network server, when the computer finally gives up and needs replacement, unless you physically drill through the hard drive (RECOMMENDED), someone can recover that customer data and cause a negligent breach. You can also use services like Iron Mountain to shred the hard drive.
By using a secure virtual terminal (https://) that runs on the latest TLS / SSL, and meets similar standards to online banking, as well as PCI requirements where applicable, you can ensure greater security.
Use a system that automatically updates when laws and regulations change so you can focus on the important things.
Yes, there really is a Federal Reserve Police. Chances are they are not checking on EPC-6 compliance, but your bank eventually will if they have not already.
Compliance push, in a self-regulated industry, is good for everyone!
Unlike ACH and the credit card processing industry, the check drafting industry is largely unregulated. This means our users can process millions of dollars in transactions without paying any fees or discount rates. When regulations are followed, check drafts are one of the safest and most economical forms of payment a business can accept.
To keep it that way, we may be contacting you to update the status on your CheckWriter Software, and to ensure that you are in compliance. CheckWriter has been published since 1996, and leads the industry in innovation and compliance.
– Single User LTD $25 + $8/mo.
Do you do a VERY LOW VOLUME, less than 4 checks per month?
Call about the “Occasional Use” plan for $25 semi-annually ($25 every 6 months)