I\'m currently developing a payment system where users can use SEPA-debit to pay

Question

I'm currently developing a payment system where users can use SEPA-debit to pay for the service. The user has the ability to enter the data once and can then select the same payment method when making another payment in the future.

So in order for the user to select the proper account to debit, I need to show some information about her/his accounts. In the world of credit cards it is normal to mask all but the last 4 digits of the card number, e.g. XXXX-XXXX-XXXX-1234

Should I also hide all but the last 4 digits when displaying IBAN numbers? And should I do the same for the BIC, or is it safe to display the complete BIC number?

Explanation / Answer

Unlike credit card numbers, IBAN numbers are not secret. If anyone knows your bank account number, they can derive the IBAN number from it. And they would need to know your bank account number to pay you.

Similarly, BIC is not a secret either.

That being said, a bank account number and other identifying information can sometimes be used to order things, so it might be a good idea not to show more information about a bank account number / IBAN than is necessary. This is also a trade-off between user privacy and user experience.

(The example scenario would be someone out to harm you, perhaps as vengeance for something. They obtain your bank account number, some other personal info, and start ordering things in your name. Obviously this is illegal and stupid, but it's not impossible. You could undo the harm, but it would take you time and effort that you'd prefer to spent in a more pleasant way).

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.