Bank of America’s merchant services group, which handles transactions with Visa and MasterCard, requires detailed information, including maps, from third-party partners, said JoAnn Carlton, general counsel for the group, speaking at the conference.

Ms. Carlton is prepared to stop working with vendors, suppliers and other partners that won’t assume responsibility for the bank’s data when it passes through their systems. Creating useful maps is “a very tortured and complicated exercise,” she said, but important for managing security and risk related to customer personally identifiable information, or PII.

http://blogs.wsj.com/cio/2015/12/16/bank-of-america-creates-data-maps-to-prepare-for-cyberattack/