Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Bank details on form

Options
  • 12-11-2011 6:30pm
    #1
    komodosp
    Registered Users Posts: 1,657 ✭✭✭


    Hi folks

    I'm developing a website for a company that requires a form to be filled out containing various information, including bank details.

    I'm a bit worried about this - my boss (not the customer) assures me that you can't actually do anything damaging with bank details (bank, a/c #, sort code, name) but I'm not totally convinced...

    The other problem is I'm not sure what gets done with the data - I think it is supposed to be emailed to the admin of the site.

    What would the appropriate approach here be? Is it OK to just send bank account details unencrypted?


Comments

  • Options
    #2
    fergalr
    Registered Users Posts: 1,922 ✭✭✭fergalr


    komodosp wrote: »
    Hi folks

    I'm developing a website for a company that requires a form to be filled out containing various information, including bank details.

    I'm a bit worried about this - my boss (not the customer) assures me that you can't actually do anything damaging with bank details (bank, a/c #, sort code, name) but I'm not totally convinced...

    This calls to mind a very famous scientific study, investigating just this problem:
    http://news.bbc.co.uk/2/hi/7174760.stm



    Ok, so I don't think there are any scientific studies. But that example just goes to show that while bad guys probably shouldn't be able to anything malicious, with just bank details, in practice they probably can.
    komodosp wrote: »
    The other problem is I'm not sure what gets done with the data - I think it is supposed to be emailed to the admin of the site.

    What would the appropriate approach here be? Is it OK to just send bank account details unencrypted?

    It depends what you mean by 'OK' - are you asking if you individually have a legal duty to refuse to do this? That'd be a legal question; IANAL, so I couldn't say. I also couldn't comment on whether you'd be able to say "I was just doing what my boss said", if anything went wrong, money was stolen, and there was an investigation as to why.


    From a common sense, or even a professional-ethics point-of-view, I think it'd be a really bad idea to build a site that sends end users bank details around the place unencrypted; its just setting yourself up for a world of trouble. You should tread very carefully whenever anything like bank details are involved.
    If your boss doesn't understand the need to be very careful in situations like this, you should be very suspicious of your bosses judgement in similar situations.

    Or you might end up with Clarkson coming to put cocktail sticks in your eyes.


  • Options
    #3
    tricky D
    Closed Accounts Posts: 9,700 ✭✭✭tricky D


    komodosp wrote: »
    Is it OK to just send bank account details unencrypted?

    Absolutely not.


  • Options
    #4
    adm
    Registered Users Posts: 342 ✭✭adm


    Best advice I could give is dont do it. try and find a third party that specializes in such things.
    In the past I was forced to do it. If you must, ensure you use ssl (https) for the form. I was working with php so used gnupg to encrypt emails.
    But it has provided so many headaches (its not trivial for non-techy clients to decrypt emails) that I would really advise against it.
    A quick Google of 'secure forms' shows that there are third parties that might handle it for you.


Advertisement