topic Re: iPhone iOS integration safe? in Integration and Testing

iPhone iOS integration safe?

isrsal — Thu, 15 Dec 2011 22:46:10 GMT

1. From what I see in order to integrate using the iOS SDK, I need to pass my user-name/password. A user can proxy his device and decrypt the data and get my user-name/ password. How can I secure that

2. Do I need to approve each mobile device only during testing or also when using live traffic?

3. Does my iPhone app need to be PCI compliant (since it has the CC in memory and transmit it to authorize.net) or does the SDK take care of it?

Thank you!

Re: iPhone iOS integration safe?

TJPride — Fri, 16 Dec 2011 14:58:42 GMT

You -could- just set up a web site intermediary if you're worried about all this. Cell phone (no credentials) -> web site (ID / key) -> Authorize.net -> web site -> cell phone.

Re: iPhone iOS integration safe?

Joy — Fri, 16 Dec 2011 21:52:05 GMT

Hi isrsal,

To answer your questions:

1.The login and password are passed via SSL. A proxy could intercept the data, but it would not have the decryption keys.
2. Yes, mobile devices have to be activated in the same way for production as they are in test.
3. "As a payment application, the PA-DSS rules apply. These rules do specifically address mobile application best practices and it's recommended that you please review them."

Thanks!

Joy

Re: iPhone iOS integration safe?

sulekha123 — Wed, 09 Oct 2013 09:03:14 GMT

For me test account working sucessfully, But i have the same doubt..

For integrating this with live account,

1. for Live Account, I need to pass the userID and Password???

2. for Live Account, I need to enable each device for transaction??? if yes, then first transaction will get failed until enabled is it..