When you are creating a web service and you have to keep your bank account information, where are you all stored?
I'm in trouble because I didn't have any knowledge.I'd love to hear from you.
If you pay by credit card, I don't think you need to use external services such as PayPal or webpay to have your own account information, but if you don't have anything to do with the payment service such as receiving account information, I feel like I have to have your own account information.
Considering the possibility of information leakage, it is very risky to have it yourself, so please let me know how you are dealing with it.
If you have any recommendations for saving account information, please let me know.
I look forward to your kind cooperation.
Credit card information can be abused immediately if it is leaked, which directly leads to money damage, but even if it is leaked, it does not directly lead to money damage, so you don't have to be so nervous.Of course, psychologically, the damage may be severe.
If you think about it normally, encrypting it and storing it in the database is the key, but if you don't mind not being able to view the bank account information from the site, you can transfer it to the office.For example, the bank name and branch name can be viewed online, but the account number cannot be viewed, and in case of a change, the account number can be re-entered.
However, there is a possibility of leakage when communicating between the web server and the back office server, so you need to take proper measures to prevent leakage when transferring.
Currently, we are thinking of a C2C used goods sales application that requires credit card payment and sales account transfer.
I was worried about the same thing as the questioner, so I looked it up.
Generally, we do not manage credit card and account information on the service side such as EC site or flea market app.
Use payment agent to avoid the risk of leakage.
For example, the LINE Corporation's LINE MALL flea market app Help Center has a description like this
Q. Payment and collection agencies
Payment and receipt of the product price via LINE MALL will be made using GMO Payment Gateway Co., Ltd..
GMO Payment Gateway Co., Ltd. receives the product price on behalf of the buyer and transfers it to the seller's designated deposit account.
Certainly, if you keep your credit card and account information with your company's service, the payment fee will be reduced by a few percent.
You can also think of ways to encrypt databases to maintain confidential information.
However, if hackers break in and copy databases locally, it's only a matter of time before decrypting them if you use Bluetooth attacks (per password) or rainbow hash (buy commonly used hash data on the black market and match the hash value to find the password).
As for the communication method when entering credit card information and account information, I think there will be no problem if the communication method with the server is encrypted (https).
In addition, a QA app called LINE Q also has a system to cash in points that are given when you contribute to a question, but payment is described in Privacy Policy as follows
• Payment Information
We may obtain credit card information in order to pay the customer's fee, such as when purchasing products or using paid services.Payment is made by a payment agency, and we do not have credit card information.
In other words,
Do not manage confidential information on your own as much as possible, and it is considered safe to ask an agent to do so
© 2024 OneMinuteCode. All rights reserved.