Can I store user bank details without PCI compliance?

Submitted by 我只是一个虾纸丫 on 2019-12-13 03:46:31

Question

We are working on a project whose nature is somewhat ride-sharing. I read about PCI compliance; I know we have to be PCI compliant if we are dealing with credit cards or payments. I am a little ambiguous about whether we should store our drivers' bank info like account number (encrypted), account title, etc. in the database. I have read about

> Who must be PCI compliant? "If you accept credit cards from your customers, then you must be PCI compliant" (reference)

So if we store only bank account numbers, not credit cards, do we have to be PCI compliant?


Answer 1:

You do not have to be PCI compliant because, as you already pointed out, you do not handle credit card information. PCI DSS, which stands for Payment Card Industry Data Security Standard, only governs credit card data. ACH/bank account information clearly does not fall under its purview.

However, there are rules around ACH/bank account data governed by NACHA. You do fall under their scope and must obey their standards. So, essentially, there is a set of standards similar to PCI that you must follow. If you were hoping to avoid scrutiny and regulation, you are out of luck.

You also may be governed by the laws of where your data is stored as well as where you operate. You would need to speak to a lawyer to get more information about that.



Source: https://stackoverflow.com/questions/54665191/can-i-store-user-bank-details-without-pci-compliance
