Storing SEPA (IBAN and BIC) data - requires PCI compliance? - pci-compliance

We would like to use a banking API to do SEPA transfers from our bank account to the user's bank account. For that the user needs to enter his IBAN and BIC into the form. We take those data (SSL secured) and transfer the money using the banking REST API. If we get a Success response, we show the user a message that the money was transferred to his account.
During the whole process we do not store the IBAN or BIC anywhere, neither in local variables nor in the database. The connection to the Fidor API is secure.
So there are the following questions:
1. Do SEPA data in general need PCI compliance?
2. If yes, would we need to be PCI compliant for the use case above? Because we never store any of the data.
I tried to find information about this on Google without success. If you have had the same use case I would be very thankful if you could share your experience. Also if you have a link about this topic I would also highly appreciate it.
Thanks in advance!

IBAN and BIC are not secret information, so PCI DSS does not apply.

Related

Is it possible to query the Blockchain API to get information on currency exchanges?

Coinbase stopped publishing its user stats in 2017, so I haven't been able to find a way to see how many users currently use the exchange.
My (albeit limited) understanding is I should be able to work this information out from querying the Blockchain.
Is this possible?
I'm not sure about Coinbase, but I know that a lot of exchanges create completely different wallets (addresses) for each user, so it's impossible to track them. You can do it for decentralized exchanges such as Idex/Bancor/0x etc., because they are using a specific smart contract (only in the Ethereum network).

PCI Compliance for Developers

I am not sure if this is the correct forum or not but I've been tasked with determining our PCI requirements, we being a group of developers who will create/maintain code that handles PCI data. We will not STORE the data or execute transactions, we will simply be a web service layer that accepts and passes on PCI data.
Because we will neither store nor execute transactions, my understanding is we will not need compliance training, nor be required to complete compliance reports.
If this isn't the correct forum I can move it.
Thanks.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Importantly, that process, store or transmit credit card information maintain a secure environment.
So yes, based on the definition on this forum I'd assume so.

How does the blockchain verify new assets?

How to verify new assets in a blockchain? For example: in order to participate in blockchain transactions, a member must first claim to have an asset that the network has not seen before, how would the network verify this claim? I've read a bunch of papers, but they're too Bitcoin-centric, which is that there are centralized institutions that issue block assets to members in exchange for real world currencies. And the non-Bitcoin-centric mechanism seems to just assume that the new asset is inalienably verified, so just hash it directly with a timestamp as a new block. There doesn't seem to be any verification process. Is it incumbent on the application to determine a specialized verification algorithm? Am I just completely missing something? Please, any response is appreciated.
To track assets using the blockchain you create your own token and create an owner which can then assign people the asset using contracts or manually. If you are talking about currency then you either need to work and mine it or buy.
Yes it is the application's and mostly the user's responsibility. A real world asset cannot be pegged to a digital asset, blockchain or not, without a central authority enforcing such a peg.

Address verification API India

I am looking for a service to help me verify addresses in India specifically.
I see a lot of websites are starting to have some address verification now like cab services and ecommerce. Any suggestions on specific APIs to use?
I don't know of any free services, however there are a few companies like Experian Data Quality and Address Doctor who provide address verification services that would cover India.
For full disclosure, I work for Experian Data Quality, and we have a service called QAS Pro On Demand which allows you to easily integrate address verification for India, and other countries, into your website.
The list of countries covered by the Experian Data Quality web service can be found here
If you wanted to try implementing a simple service of your own validating only PIN Code, City, State then there is an open All India Pincode dataset.

Are there any web services or other APIs that let you purchase something without having to set up an account first?

I am trying to prototype a system that will display a list of choices to a user, and allow them to place an order for the one they select (an oversimplification of the prototype, but sufficient to get to the point). I have the user's credit card number, billing and shipping addresses, and other contact information, but I can't find any web services that will let me actually purchase something with this information to complete the prototype. I have checked directories such as Programmable Web and Xmethods, but they just seem to point to APIs that let you check for prices and availability, but not actually place an order. Does such a thing exist, or is there some reason (such as security) that I am missing, that prevents such a service from being offered?
The most important thing about online shopping is the security of transmitted information (e.g. credit card data). So the ideal case is to transmit this information directly to the related bank's (issuer of the credit card) payment services, rather than passing it via other service providers. This is what 3-D Secure does.
So when you use a common API this means putting an extra broker between, and passing the secure information to this party which increases vulnerability. Since such a broker cannot use 3-D Secure (since it is not the merchant so not possible to make an agreement with the banks) and it should pass the information to online shopping site.
Moreover, an online shopping site can block traffic coming from such an intermediary web service at any time if you do not make an obligatory agreement, and making agreements for each online merchant is practically not very possible.
There is no such free API available. The simple reason behind that is that information like credit card is very secure and confidential, and there will be a security threat on free APIs.
Here is a list of the best 10 online payment systems:
http://sixrevisions.com/tools/online-payment-systems/
And this one, which provides a live demo:
http://www.fastcharge.com/
I think it is possible though I don't know in depth information. I think this is what you see. In next steps you will be redirected to payment gateway of the bank and then you can complete the transactions just by answering some security questions. I think this is a service you should obtain from the bank. And I haven't seen any universal API that can perform the task you have mentioned.
Dialog GSM - Sri Lanka
Anything.lk - Sri Lanka