
Handling Bank information on Website (Not Storing)

I have a website using the MEAN stack, and it is accessed over HTTPS. I want the user to input their bank account details, but I don't want to store the bank details (since I think there may be liability and security concerns). The information will then be sent to a 3rd-party website like Transferwise, where I can send money to the user's bank account.

My question is: are there any security precautions that I need to take when I have the user input data on my website?

You have asked a very broad question and thus will get a broad answer in return. Not persisting any data in the database helps a lot, but you could still fail due to logging sensitive data out on your server side or due to server/TLS misconfigurations.

You probably would want to be PCI DSS compliant (or at least be aware that such a thing exists and how your application relates to this standard). Fulfilling at least the OWASP ASVS Level 1 requirements would be good as well.
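The answer's point about leaking sensitive data through server-side logs, as an added example that is not part of the original answer: a scrubber that a Node request logger could pass data through before writing it. The field names, patterns and sample request are assumptions constructed for illustration.

```javascript
// Added example: scrub bank details from anything handed to a logger.
// Key names below are assumed; adjust them to the form's real field names.
const SENSITIVE_KEYS = /^(iban|account(_?number|_?no)?|routing(_?number)?|sort_?code|bic|swift)$/i;
// IBAN-shaped text: 2 uppercase letters, 2 digits, then groups of 4 (spaces allowed).
const IBAN_LIKE = /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b/g;
// Digit runs of 8-17 characters, the length of many account numbers.
const DIGIT_RUN = /\b\d{8,17}\b/g;

function maskString(s) {
  return s.replace(IBAN_LIKE, '[REDACTED-IBAN]').replace(DIGIT_RUN, '[REDACTED-NUM]');
}

// Deep-copy a value, masking sensitive keys and bank-like strings.
function redact(value, seen = new WeakSet()) {
  if (typeof value === 'string') return maskString(value);
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[Circular]'; // already visited, avoid endless recursion
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SENSITIVE_KEYS.test(k) ? '[REDACTED]' : redact(v, seen);
  }
  return out;
}

// Log line for a request: method, path without the query string, scrubbed body.
function safeLogLine(req) {
  const path = String(req.url).split('?')[0];
  return JSON.stringify({ method: req.method, path, body: redact(req.body) });
}

// Constructed sample request; the IBAN is a documentation-style dummy value.
const sampleReq = {
  method: 'POST',
  url: '/payout?iban=GB82WEST12345698765432',
  body: {
    name: 'Alice',
    accountNumber: '12345678',
    bank: { IBAN: 'GB82 WEST 1234 5698 7654 32', swift: 'WESTGB22' },
    note: 'pay to GB82WEST12345698765432 or acct 1234567890',
  },
};
console.log(safeLogLine(sampleReq));
```

Numeric (non-string) values under unlisted keys pass through unchanged, so account fields should be listed by key or submitted as strings.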

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 