R084. Allow transaction history queries


The system must allow authorized users to inspect their own transaction history.


Systems usually collect personal and transactional data from their users. Users should have control of their own data and, as such, should be allowed to query and inspect whatever information the system has collected from them, including their transactional records.


  1. GDPR. Recital 7: The Framework is Based on Control and Certainty. Natural persons should have control of their own personal data.

  2. HIPAA Security Rules 164.308(a)(1)(ii)(D): Information System Activity Review: Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

Service status - Terms of Use - Privacy Policy - Cookie Policy

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.