cancel
Showing results for 
Search instead for 
Did you mean: 

iPhone iOS integration safe?

1. From what I see in order to integrate using the iOS SDK, I need to pass my user-name/password. A user can proxy his device and decrypt the data and get my user-name/ password. How can I secure that

2. Do I need to approve each mobile device only during testing or also when using live traffic?

3. Does my iPhone app need to be PCI compliant (since it has the CC in memory and transmit it to authorize.net) or does the SDK take care of it?

 

Thank you!

isrsal
Member
3 REPLIES 3

You -could- just set up a web site intermediary if you're worried about all this. Cell phone (no credentials) -> web site (ID / key) -> Authorize.net -> web site -> cell phone.

TJPride
Expert

Hi isrsal,

To answer your questions:

1.The login and password are passed via SSL. A proxy could intercept the data, but it would not have the decryption keys.
2. Yes, mobile devices have to be activated in the same way for production as they are in test.
3. "As a payment application, the PA-DSS rules apply.  These rules do specifically address mobile application best practices and it's recommended that you please review them."

 

Thanks!

Joy

Joy
Administrator Administrator
Administrator

For me test account working sucessfully, But i have the same doubt..

For integrating this with live account,

 

1.  for Live Account, I need to pass the userID and Password???

2. for Live Account, I need to enable each device for transaction???  if yes, then first transaction will get failed until enabled is it..

sulekha123
Member