Jump to content

Can I request a member's bank account info through email?

imgrooot

By imgrooot
in PHP Coding Help

 Share
Go to solution Solved by imgrooot,

Recommended Posts

imgrooot Advanced Member

imgrooot

Posted
Posted

I have been doing some research and I found out that it's a really really bad idea to store users' sensitive information in a database. 

 

Here's what I am trying to do.

 

1. Request a member's bank account info.

2. Make a direct deposit into their bank account from my bank account. This is done online through my bank's website.

 

My question is, if I can't store the member's bank account info in the database, can I at least request them to send it through an email? From there I can put it in excel sheet offline for storage and use that to make direct bank deposits to their account(s). Or is that illegal? If it is, then what's the best way to do this?

requinix Prolific Member

requinix

Posted
Posted

Simply by virtue of working with other people's bank account information, you should talk to a lawyer.

 

The information must be safe in transit, not just in storage. Pretty sure email does not count as safe. And you have to worry about server environment, both physically and virtually.

 

Look through PCI compliance requirements - it's for credit card information, but the principles should at least apply to bank account information too.

Phi11W Advanced Member

Phi11W

Posted
Posted

I have been doing some research and I found out that it's a really really bad idea to store users' sensitive information in a database. 

 

Here's what I am trying to do.

 

1. Request a member's bank account info.

2. Make a direct deposit into their bank account from my bank account. This is done online through my bank's website.

 

My question is, if I can't store the member's bank account info in the database, can I at least request them to send it through an email? From there I can put it in excel sheet offline for storage and use that to make direct bank deposits to their account(s). Or is that illegal? If it is, then what's the best way to do this?

 

It's a really really bad idea to store users' sensitive information in a database badly.

Oftentimes, you can't avoid needing this data, but you have to be very, very careful with it. 

 

Nobody (with any sense) is going to send you their bank account details by email. 

People have been bombarded by that kind of "phishing" nonsense from various countries around the world for [almost] as long as the Internet has existed! 

 

If you intend to do anything with anybody's bank account, then you need to retain records of having done so and that means that you absolutely have to have their bank account number.  How you acquire and store it is largely up to you but if you're not [strongly] encrypting it in transit (i.e. an https web site) and in the database then, frankly, you're just asking for trouble. 

 

Don;t even think about Excel.  

It's a useful tool for crunching numbers but it is no substitute for a proper database.

 

Regards,   Phill  W.

imgrooot Advanced Member

imgrooot

Posted
  • Author
Posted

Judging from what you all said, I should avoid collecting users' bank info on my own. Fair point. And I have looked at Stripe and it's not the exact solution I am looking for. 

 

The I guess I have two other ways to do this. Western Union and E-wallet.  Do you have suggestions to a reputable international e-wallet? By e-wallet, I don't mean a bitcoin wallet.

imgrooot Advanced Member

imgrooot

Posted
  • Author
Posted

What exactly is this process? Why are (were) people going to give you bank info and why were you going to send them money? Are you basically looking for a way to send people money?

 

I can't go into details about the whole process. But in short, yes I am looking to send people the money, not only in North America but internationally. I would like to know what the best option would be for that.

kicken Prolific Member

kicken

Posted
Posted

You should check with whatever service provider you are using to send the money to see if the support capturing the information on their end then giving you a token. Most payment processors can do this for credit card data so that you can let them worry about storing it and dealing with PCI and you just need to keep the token/your account secure.

  • Solution
imgrooot Advanced Member

imgrooot

Posted
  • Author
  • Solution
Posted

You should check with whatever service provider you are using to send the money to see if the support capturing the information on their end then giving you a token. Most payment processors can do this for credit card data so that you can let them worry about storing it and dealing with PCI and you just need to keep the token/your account secure.

 

That is one of the methods I am looking into. 

  • 1 month later...
data888 Member

data888

Posted
Posted

I have been doing some research and I found out that it's a really really bad idea to store users' sensitive information in a database. 

 

Here's what I am trying to do.

 

1. Request a member's bank account info.

2. Make a direct deposit into their bank account from my bank account. This is done online through my bank's website.

 

My question is, if I can't store the member's bank account info in the database, can I at least request them to send it through an email? From there I can put it in excel sheet offline for storage and use that to make direct bank deposits to their account(s). Or is that illegal? If it is, then what's the best way to do this?

It isn't illegal. There often are websites that request and store financial information... there has to be a business need for it though and you have to store it responsibly and obviously obtain their consent. Regardless, if you get hacked and should a customer incur some sort of economic injury, you may be liable if you get sued and were negligent somewhere. If you are simply just collecting the data to store offline for some sort of authorized usage, a form might be a more familiar/normal method compared to having them email the info. Bitcoin can be an alternative but it does have its risk.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.