Reply
Member
Posts: 1
Registered: ‎12-15-2011

iPhone iOS integration safe?

1. From what I see in order to integrate using the iOS SDK, I need to pass my user-name/password. A user can proxy his device and decrypt the data and get my user-name/ password. How can I secure that

2. Do I need to approve each mobile device only during testing or also when using live traffic?

3. Does my iPhone app need to be PCI compliant (since it has the CC in memory and transmit it to authorize.net) or does the SDK take care of it?

 

Thank you!

Posts: 1,609
Topics: 15
Kudos: 209
Solutions: 121
Registered: ‎06-23-2011

Re: iPhone iOS integration safe?

You -could- just set up a web site intermediary if you're worried about all this. Cell phone (no credentials) -> web site (ID / key) -> Authorize.net -> web site -> cell phone.

Administrator Administrator
Administrator
Posts: 563
Registered: ‎08-03-2011

Re: iPhone iOS integration safe?

Hi isrsal,

To answer your questions:

1.The login and password are passed via SSL. A proxy could intercept the data, but it would not have the decryption keys.
2. Yes, mobile devices have to be activated in the same way for production as they are in test.
3. "As a payment application, the PA-DSS rules apply.  These rules do specifically address mobile application best practices and it's recommended that you please review them."

 

Thanks!

Joy

Highlighted
Member
Posts: 3
Registered: ‎10-07-2013

Re: iPhone iOS integration safe?

For me test account working sucessfully, But i have the same doubt..

For integrating this with live account,

 

1.  for Live Account, I need to pass the userID and Password???

2. for Live Account, I need to enable each device for transaction???  if yes, then first transaction will get failed until enabled is it..