API for secure data storage?

[snaveint]

Have a payments problem we're trying to solve, would love HN input!

Our platform needs to make several payments to suppliers each week, the problem is we don't want to store our suppliers bank details. Unfortunately the only payment method possible right now is via a bank specific file (*.aba) and is manual, but to create that file we need to have stored our customers bank details...

Does anyone know of a platform which can store/retrieve customer sensitive data through an API so we can avoid storing it ourselves?

[tptacek]

What you're looking for is called an HSM.

[stevekemp]

Yes and if you wanted to write an API for such a thing it is pretty simple. The key is that you never allow retrieval of the data.

So your API has to support essentially two methods:

* Add banking details. * Make a charge.

You submit the details to get back a token such as "account-1", and use that token to make a charge. The actual banking details are never able to be retrieved from the device.

[snaveint]

Thanks guys, sounds promising, will look into it.

[rgacote]

Tokenization service like http://www.auricsystems.com/products/auricvault-tokenization...

[snaveint]

Thanks, have dropped them an email to see if they can support what we're after. Appreciate it.