Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
A client wants a registration form on their website which contains, among other fields, spaces for bank account information (including sort code and account number). The form will not submit the data to a database, so there is no storage of this information, but it will email the client with this information.
My question is, what are the security issues with emailing bank account information, and are there any accepted protocols / methods for maximising security?
Data security is vital for everybody dealing with payment data, because nothing is more important than keeping this kind of data as secure as possible. Bank account information definitely are to be dealt with highest care.
Well, everybody with access to this email (may it be the email provider or whoever is hacking into the SMTP traffic) can read the data. Therefore it is a big security issue, since you cannot control who has access to this. And you have even less control over what people do with this data.
Advice is not very easy to give here, this highly depends alot on what you have to code and which is the system enviroment, therefore my advice is only in a very general sense:
This list can go on and on.
There are some very extensive standards out there. For this kind of data, I recommend following the advices given in PCI DSS. Its main purpose is protecting card data, but its recommendations are also applicable to other topics.