1
votes

We are working on a project its nature is somewhat ride sharing , I read about PCI Compliance i know we have to be PCI Compliance if we are dealing with credit card or payment i am a little ambiguous do we store our drivers bank info like Account number(encrypted) , Account title etc in database , i have read about

Who must be PCI compliant? "If you accept credit cards from your customers, then you must be PCI compliant" reference

so if we store only bank account numbers not credit card we must have to be PCI compliance.

1
I'm voting to close this question as off-topic because it is not a programming question.High Performance Mark
Yes it is !! there are numerous post on PCI Compliance there.Basit
#stackoverflow is to help developers ,this is not only for programming question.Basit
thousands of question there for pci-dss stackoverflow.com/questions/tagged/pci-dssBasit
no but it wouldn't hurt; it's sensitive data, treat it as suchMarcel

1 Answers

3
votes

You do not have to be PCI compliant as, you already have pointed out, that you do not handle credit card information. PCI DSS, which standards for Payment Card Industry Data Security Standard, only governs credit card data. ACH/Bank account information clearly does not fall under their purview.

However, there are rules around ACH/Bank account data governed by NACHA. You do fall under their scope and must obey their standards. So, essentially, there are a set of standards similar to PCI that must follow. So if you were hoping to avoid scrutiny and regulation you are out of luck.

You also may be governed by the laws of where your data is stored as well as where you operate. You would need to speak to a lawyer to get more information about that.