我可以存储不符合PCI标准的用户银行详细信息吗? [英] Can I store user bank details without PCI compliance?

问题描述

我们正在从事一个项目，该项目的本质是乘车共享，我读过有关PCI合规性的信息，我知道如果我们处理信用卡或付款，我们必须遵循PCI合规性的规定，我有点含糊不清，我们是否存储驾驶员银行信息像数据库中的帐号(已加密)，帐号标题等，我已经了解了

We are working on a project its nature is somewhat ride sharing , I read about PCI Compliance i know we have to be PCI Compliance if we are dealing with credit card or payment i am a little ambiguous do we store our drivers bank info like Account number(encrypted) , Account title etc in database , i have read about

谁必须符合PCI? 如果您接受客户的信用卡，那么您必须符合PCI规范".参考

Who must be PCI compliant? "If you accept credit cards from your customers, then you must be PCI compliant" reference

因此，如果我们仅存储银行帐号而不是信用卡 我们必须要遵守PCI.

so if we store only bank account numbers not credit card we must have to be PCI compliance.

推荐答案

您不必遵循PCI，因为您已经指出，您不处理信用卡信息. PCI DSS是支付卡行业数据安全标准的标准，仅管理信用卡数据. ACH/银行帐户信息显然不属于他们的权限.

You do not have to be PCI compliant as, you already have pointed out, that you do not handle credit card information. PCI DSS, which standards for Payment Card Industry Data Security Standard, only governs credit card data. ACH/Bank account information clearly does not fall under their purview.

但是，围绕由NACHA管理的ACH/银行帐户数据存在一些规则.您参加，但必须遵守他们的标准其标准.因此，从本质上讲，必须遵循一组类似于PCI的标准.因此，如果您希望避免进行审查和监管，那您就不走运了.

However, there are rules around ACH/Bank account data governed by NACHA. You do fall under their scope and must obey their standards. So, essentially, there are a set of standards similar to PCI that must follow. So if you were hoping to avoid scrutiny and regulation you are out of luck.

您还可能受到数据存储位置和操作位置的法律的约束.您需要与律师交谈，以获取有关此信息的更多信息.

You also may be governed by the laws of where your data is stored as well as where you operate. You would need to speak to a lawyer to get more information about that.

这篇关于我可以存储不符合PCI标准的用户银行详细信息吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！