Storing SEPA (IBAN and BIC) data - requires PCI co

2020-04-05 06:54发布

问题:

we would like to use a banking API to do SEPA transfers from our bank account to the user's bank account. For that the user needs to enter his IBAN and BIC into the form. We take those data (SSL secured) and transfer the money using the banking REST API. If we get a Success response, we show the user a message that the money was transferred to his account.

During the whole process we do not store the IBAN or BIC anywhere in local variables neither in the database. The connection to the fidor API is secure.

So there are the following questions: 1. Do SEPA data in general need PCI compliance? 2. If yes, would we need to be PCI compliant for the usecase above? Because we never store any of the data.

I tried to find information about this on google without success. If you have had the same usecase I would be very thankful if you could share your experience. Also if you have link about this topic I would also highly appreciate it.

Thanks in advance!

回答1:

IBAN and BIC are not secret information, so PCI DSS does not apply.