
I'm working with a payment processing company that provides an API. One endpoint of this API requires a bank account number.

I'm not a PCI compliance expert or web security expert, so I want to tread carefully in this area.

What do I need to do in order to accept a bank account number in a web form securely?

Jason Swett
  • If you are not handling *card* account numbers then PCI-DSS does not apply, but you can of course use the PCI documentation as a guide for handling the data. – Alex K. Jun 07 '14 at 09:59

1 Answer


See if the payment processor works with a tokenizing company, like Spreedly (http://www.spreedly.com). You can post your form for the bank info to Spreedly; they return a token, which you then use with the Spreedly API to post a charge, etc. Other tokenizing companies do similar.

troseman
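The tokenization flow described in the answer above, as an added example that is not part of the original answer and not any provider's actual API: the browser sends the bank details directly to the tokenizer, and your own server only ever sees the token. The tokenizer URL, the field names and the `payment_token` key are hypothetical placeholders.

```javascript
// Added example. TOKENIZER_URL and all field names are hypothetical placeholders.
const TOKENIZER_URL = "https://tokenizer.example/v1/bank_accounts";

// Fields that must never reach our own backend (assumed form field names).
const SENSITIVE_FIELDS = ["account_number", "routing_number"];

// Browser side: send the raw bank details straight to the tokenizing provider.
// fetchImpl is injectable so the flow can be exercised offline with a stub.
async function tokenizeBankAccount(fields, fetchImpl = fetch) {
  const res = await fetchImpl(TOKENIZER_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(fields),
  });
  if (!res.ok) throw new Error("tokenization failed: " + res.status);
  const { token } = await res.json();
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("tokenizer returned no token");
  }
  return token;
}

// Browser side: build what our own server receives, i.e. the token plus
// the non-sensitive fields only.
function buildBackendPayload(fields, token) {
  const payload = { payment_token: token };
  for (const [key, value] of Object.entries(fields)) {
    if (!SENSITIVE_FIELDS.includes(key)) payload[key] = value;
  }
  return payload;
}

// Server side: reject any request that still carries raw account data, so a
// front-end regression cannot silently start sending it to our backend.
function assertNoRawBankData(body) {
  const leaked = SENSITIVE_FIELDS.filter((field) => field in body);
  if (leaked.length > 0) {
    throw new Error("raw bank data received: " + leaked.join(", "));
  }
  if (typeof body.payment_token !== "string" || body.payment_token === "") {
    throw new Error("missing payment_token");
  }
  return true;
}
```

The server-side guard should run before any request logging, so a request that does carry raw account data is rejected without the value being written to application logs.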