Storing SEPA (IBAN and BIC) data - requires PCI compliance?

十年热恋 submitted on 2019-12-01 18:04:08

Question


We would like to use a banking API to do SEPA transfers from our bank account to the user's bank account. For that the user needs to enter his IBAN and BIC into the form. We take those data (SSL secured) and transfer the money using the banking REST API. If we get a Success response, we show the user a message that the money was transferred to his account.

During the whole process we do not store the IBAN or BIC anywhere, neither in local variables nor in the database. The connection to the Fidor API is secure.

So there are the following questions: 1. Do SEPA data in general need PCI compliance? 2. If yes, would we need to be PCI compliant for the use case above? Because we never store any of the data.

I tried to find information about this on Google without success. If you have had the same use case I would be very thankful if you could share your experience. Also if you have a link about this topic I would also highly appreciate it.

Thanks in advance!


Answer 1:


IBAN and BIC are not secret information, so PCI DSS does not apply.



Source: https://stackoverflow.com/questions/40799425/storing-sepa-iban-and-bic-data-requires-pci-compliance
