Question

We are building a site where we need to keep ACH info of our users to send them money periodically. Is it fine to just store this info in our db? These are only for US customers and although this is technically financial information, we're assuming it does not fall into PCI DSS obligations.

Solution

If it's not credit card information, it's not within the scope of PCI-DSS, e.g. if you don't process CC PAN, your implementation is not within the scope of PCI-DSS. This information is available in the PCI-DSS document.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow