BLUF:
So the question I have is: is it possible to develop a completely standalone mobile application that does not need to communicate with a server that I provide, and that can still process payments for our users?
I've been looking at the SDK and sample application for Android AIM, and it requires login to the payment gateway. From what I've read, instead of login I'll be able to use the API ID in production code. My biggest question is: does it still need manual validation of every device that has the application installed?
I've been looking at the following document, http://www.pymnts.com/journal-bak/201/managing-the-risks-and-security-threats-of-mobile-payments/, and the type of payment I'm looking to process is purely app-based.
That is, we want our customers to use an application we provide to enter their payment information and, using the API, communicate with Authorize.net over an SSL connection initiated directly from the phone.
The secondary goal is to store as little as possible, so that we minimize our requirements. Furthermore, is it possible to develop the app in such a way that we do not store anything except the proof of transaction, and so avoid any required PCI compliance issues on our local premises?
Looking at the documentation for DPM, that seems to be the best approach. Does anyone have any suggestions on how to integrate that into an Android application, or is it even possible? I know that for Android, Java libraries can be integrated natively, but I'm not sure of the networking aspect.
Eventually the business would also like to expand into iOS, so unfortunately, because iOS is Objective-C, it looks like it would require AIM for development.
Is there a different API that might make more sense? Again, we are doing all processing from within a mobile application, and do not want to store or transmit any payment information to our servers as an intermediary between the user/app and Authorize.net.
Any advice would be greatly appreciated.
01-06-2014 11:39 AM - edited 01-06-2014 11:50 AM
Currently, the only way to directly process transactions from an app is if that app were to store your API credentials, which is not secure. I know that you indicated that you did not want to communicate with a server that you provide, but this really is the only recommendation that I can make at this time.
01-09-2014 11:16 AM