1. From what I see, in order to integrate using the iOS SDK, I need to pass my user-name/password. A user can proxy his device and decrypt the data and get my user-name/password. How can I secure that?
2. Do I need to approve each mobile device only during testing or also when using live traffic?
3. Does my iPhone app need to be PCI compliant (since it has the CC in memory and transmit it to authorize.net) or does the SDK take care of it?
Thank you!
12-15-2011 02:46 PM
You -could- just set up a web site intermediary if you're worried about all this. Cell phone (no credentials) -> web site (ID / key) -> Authorize.net -> web site -> cell phone.
12-16-2011 06:58 AM
Hi isrsal,
To answer your questions:
1. The login and password are passed via SSL. A proxy could intercept the data, but it would not have the decryption keys.
2. Yes, mobile devices have to be activated in the same way for production as they are in test.
3. "As a payment application, the PA-DSS rules apply. These rules do specifically address mobile application best practices and it's recommended that you please review them."
Thanks!
Joy
12-16-2011 01:52 PM
For me the test account is working successfully, but I have the same doubt.
For integrating this with a live account:
1. For the live account, I need to pass the userID and password?
2. For the live account, I need to enable each device for transactions? If yes, then the first transaction will fail until it is enabled, is that so?
10-09-2013 02:03 AM