Allow transaction history queries
Summary
The system must allow authorized users to inspect their own transaction history.
Description
Systems usually collect personal and transactional data from their users. Users should have control of their own data and, as such, should be allowed to query and inspect whatever information the system has collected from them, including their transactional records.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- GDPR-R7. The framework is based on control and certainty
- HIPAA-164_308_a_1_ii_D. Information system activity review (required)
- FCRA-604-E_5. Notification system
- NYDFS-500_6. Audit trail
- PA-DSS-6_1. The wireless technology must be implemented securely
- CMMC-AC_L1-3_1_2. Transaction & function control
- HITRUST CSF-09_y. On-line transactions
- HITRUST CSF-13_f. Principle access
Vulnerabilities
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.