Yes and if you wanted to write an API for such a thing it is pretty simple. The key is that you never allow retrieval of the data.
So your API has to support essentially two methods:
* Add banking details.
* Make a charge.
You submit the details to get back a token such as "account-1", and use that token to make a charge. The actual banking details are never able to be retrieved from the device.