Can we store ACH details--for US customers--in our own db?
28-10-2019
Question
We are building a site where we need to keep ACH info of our users to send them money periodically. Is it fine to just store this info in our db? These are only for US customers and although this is technically financial information, we're assuming it does not fall into PCI DSS obligations.
Solution
If it's not credit card information, it's not within the scope of PCI-DSS, e.g. if you don't process CC PAN, your implementation is not within the scope of PCI-DSS. This information is available in the PCI-DSS document.
Licensed under: CC-BY-SA with attribution