: How to safely collect bank account from website and without an external gateway payment system I want to collect bank account information from my customers on my website. I would like to do
I want to collect bank account information from my customers on my website. I would like to do this using a online form, then I will download it to a PC, print it and then delete it from the website. Or eventually send it somewhere externally right after the user submitted the form so customers information is never stored the website.
The goal is to receive the payment information without having to ask the customer to print, fill manually, and send it over fax. And accomplish this without having to use an external payment gateway.
More posts by @Tiffany637
3 Comments
Sorted by latest first Latest Oldest Best
Don't do this on your own financial info storage system as it may burn you.
Here are just some of the problems you may encounter:
If you collect it online, you will end up storing it online in some format.
Your application is not completely secure (none are, so I say that with confidence).
Since you are storing the data online, it is accessible via online attack vectors.
Due to unforeseen security issues the data may be compromised by a hacker from Russia, the United States, South America or somewhere else more remote... there are lots of smart attackers out there and with online accessibility it is you vs the whole underworld 24/7.
Once your data is out, it's out and you have a massive mess on your hands.
To contrast this is what you pay third-party payment gateways for, not just the framework to use and process the data but also the responsibility for properly storing that data or dealing with a security compromise.
I figure that any developer should have used a third-party financial info storage service on at least three projects before they even compare that option with rolling their own solution.
One option is to create an HTML form that emails the data collected to a secure email address, the email address would only be used for collecting data from the form. And once that data is emailed and printed, you can then delete the email.
In order to do that, it would be incredibly insecure. Even with HTTPS, banks aren't going to give out account information based off of a name (Or whatever information you request). Third party companies can do this because the banks they are allowed access to scrutinize their system down to the single line for security holes.
Depending on what information you want to pull, I don't know of any language or method to do this, unless you want the certification from banks yourself. The information is stored within the bank itself, and they don't have API's. Another point of interest, there has to be some kind of proof of identity. You could be giving someone's financial information to a malicious party.
If you explained exactly what information you are requesting from the customer and what information you are requesting from the bank, that would help greatly.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.