I need to store users' IBANs in my own application. Some people told me that the IBAN is not secret information, so I could store the IBAN in my application with classic encryption. Is that right? Because other people told me:

The IBAN is part of the PAN and therefore considered Card Holder Data. If you want to keep the IBAN, you are considered to be storing credit card data. Please note that you have to be PCI compliant regardless of whether you store credit card data or not. When you do, you only have to do this in a way that is OK by PCI.

I read this other post, "Storing SEPA (IBAN and BIC) data - requires PCI compliance?", but I think an answer like that is not enough; a more detailed answer is needed.

roaned
  • "Other people" aren't relevant -- what's relevant is what your employer and the relevant laws tell you to do. – Jeroen Mostert Feb 08 '18 at 12:21
  • Ok, of course, you are right. But I don't know where to find what the "law" says about the IBAN: whether I can store it like simple information or I have to be PCI compliant. – roaned Feb 08 '18 at 12:39
  • See also: https://security.stackexchange.com/questions/80855/how-to-mask-sepa-iban-and-bic-information-correctly – John Conde Feb 08 '18 at 14:19

0 Answers