Bank Account Numbers

Encrypted Bank Account Input Field

Bank account and routing numbers entered in web forms are vulnerable to XSS, extensions, and analytics tools. SmartField encrypts them before they reach the DOM.

The Problem

Bank account numbers entered in a standard HTML input are immediately accessible to any JavaScript on the page:

// Any script, extension, or tracker:
document.querySelector('input').value
// Your bank account numbers in plaintext

The Solution

<smart-field type="password" encrypt-key="/api/sf-key" placeholder="Enter bank account numbers"></smart-field>

Now the same attack returns AES-256-GCM encrypted data. The bank account numbers never exist as plaintext in the browser.

What the User Sees

The user types normally. The screen shows animated cipher characters: ΣΩΔψξλμπ

The real bank account numbers are stored in a WeakMap (not reachable by other JavaScript on the page) and encrypted with AES-256-GCM (unreadable without the server key).

Server-Side Decryption

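// Node.js
// Run inside an async request handler: await needs an async context,
// and req is the incoming request whose body carries the encrypted field.
const sf = require('@smartfield-dev/server');
await sf.init();
const data = await sf.decrypt(req.body.field);
// Your bank account numbers in plaintext, server-side only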

Frequently Asked Questions

How does SmartField encrypt bank account numbers?
SmartField generates a new AES-256 key and IV for every encryption. Bank account numbers are encrypted before they exist in the DOM. The AES key is wrapped with RSA-2048. Only your server can decrypt.

Can trackers like Hotjar capture bank account numbers?
No. Hotjar records DOM content. SmartField stores bank account numbers in a WeakMap inside a closed Shadow DOM. Hotjar only captures cipher characters.

What server languages are supported?
SmartField provides SDKs for Node.js, Python, Java, Go, PHP, and Ruby. All tested and verified.
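
The hybrid scheme the first FAQ answer describes (a new AES-256 key and IV per encryption, AES-256-GCM for the field, RSA-2048 wrapping the AES key), shown as an added Node.js example. It is not SmartField's code; the OAEP/SHA-256 padding, the 96-bit IV, the payload field names and all function names are assumptions the page does not state.

```javascript
// Added example, not SmartField's code. OAEP-SHA-256, the 96-bit IV and the
// payload field names are assumptions; the page states only AES-256-GCM + RSA-2048.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const b64 = (buf) => buf.toString('base64');
const raw = (str) => Buffer.from(str, 'base64');

// Server: RSA-2048 key pair; only the public half is served to the browser.
function generateServerKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client: new AES-256 key and IV for every call, then wrap the key with RSA.
function encryptField(plaintext, publicKey) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const payload = {
    wrappedKey: b64(crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey)),
    iv: b64(iv),
    tag: b64(cipher.getAuthTag()),
    ciphertext: b64(ciphertext),
  };
  aesKey.fill(0); // best-effort wipe of the one-time key
  return payload;
}

// Server: unwrap the AES key, then decrypt. final() throws if the GCM tag
// does not match, so a modified payload is rejected instead of decrypted.
function decryptField(payload, privateKey) {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, raw(payload.wrappedKey));
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, raw(payload.iv));
  decipher.setAuthTag(raw(payload.tag));
  const plain = Buffer.concat([decipher.update(raw(payload.ciphertext)), decipher.final()]);
  return plain.toString('utf8');
}

// Constructed sample value, not a real account.
const SAMPLE = 'routing=000000000;account=000123456789';
const keys = generateServerKeys();
const sent = encryptField(SAMPLE, keys.publicKey);
console.log(Object.keys(sent), decryptField(sent, keys.privateKey) === SAMPLE);
```

Because the key and IV are regenerated on every call, submitting the same account number twice produces unrelated payloads, and a payload altered in transit fails the GCM tag check on the server.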
