SSSJS0

Reputation: 1

Handling Bank information on Website (Not Storing)

I have a website using the MEAN stack that is accessed over HTTPS. I want the user to input their bank account details, but I don't want to store the bank details (since I think there may be liability and security concerns). The information will then be sent to a 3rd party website like Transferwise, where I can send money over to the user's bank account.

My question is: are there any security precautions that I need to take when I have the user input data on my website?

Upvotes: 0

Views: 112

Answers (1)

Marek Puchalski

Reputation: 3669

You have asked a very broad question and thus will get a broad answer in return. Not persisting any data in the database helps a lot, but you could still fail due to logging sensitive data out on your server side or due to server/TLS misconfigurations.

You probably would want to be PCI DSS compliant (or at least be aware that such a thing exists and how your application relates to this standard). Fulfilling OWASP ASVS at least Level 1 requirements would be good as well.

Upvotes: 0
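
The answer's point about sensitive data leaking through server-side logs can be illustrated with a small redaction helper for a Node.js backend. This is an added example, not code from the original question or answer; the field names in `SENSITIVE_KEYS`, the function names and the sample request are assumptions.

```javascript
// Added example. Field names in SENSITIVE_KEYS are assumptions; adjust to your form.
const SENSITIVE_KEYS = new Set(['accountnumber', 'iban', 'routingnumber', 'sortcode']);

// "account_number", "Account-Number" and "accountNumber" all normalise to one key.
function normaliseKey(key) {
  return String(key).toLowerCase().replace(/[^a-z0-9]/g, '');
}

// Keep only the last four characters so a log entry can still be correlated.
function mask(value) {
  if (typeof value !== 'string' && typeof value !== 'number') return '[redacted]';
  const s = String(value).replace(/\s+/g, '');
  return s.length > 4 ? '*'.repeat(s.length - 4) + s.slice(-4) : '****';
}

// Deep copy with sensitive fields masked. The input is not modified, so the
// original body can still be forwarded to the payment provider.
function redact(input) {
  if (input === null || typeof input !== 'object') return input;
  if (Array.isArray(input)) return input.map(redact);
  const out = {};
  for (const [key, value] of Object.entries(input)) {
    out[key] = SENSITIVE_KEYS.has(normaliseKey(key)) ? mask(value) : redact(value);
  }
  return out;
}

// Build the only representation of a request that is handed to the logger.
function requestLogLine(req) {
  return JSON.stringify({ method: req.method, path: req.path, body: redact(req.body) });
}

// Constructed sample request (not real account data).
const sampleReq = {
  method: 'POST',
  path: '/payout',
  body: { name: 'Test User', bank: { IBAN: 'XX00 TEST 0000 0000 1234 56', account_number: 12345678 } },
};
console.log(requestLogLine(sampleReq));
```

Logging only through `requestLogLine` keeps raw account details out of log files while the unmodified request body remains available for the outbound call to the payment provider.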
