0

Very often, we can find mobile applications that provide in-app purchases and store credit card details, allowing users to buy things in a convenient manner. I am planning to implement the same mechanism on the client side. The following points are what I can think of.

First, there are several variables involved:

  • credit_card_number

    The credit card number used for the purchase.

  • cvc

    The CVC of the credit card being used.

  • expiry_date

    The expiry date of the credit card being used.

  • card_info_key

    The key used to encrypt and decrypt the credit card information stored in the client device.

Is it viable to save card_info_key on the server, then use it to encrypt and decrypt credit card information on the client device as follows?

// credit card information entered by user
var credit_card_number = '1234123412341234';
var cvc = '789';
var expiry_date = '12-2020';

// the key is retrieved from server
var card_info_key = getCardInfoKeyFromServer(current_user);

var card_info = {
    'number': credit_card_number,
    'cvc': cvc,
    'expiry': expiry_date
};

// an encrypted token is expected
var encryptedCardInfo = encryptCardInfo(card_info, card_info_key);

// an object containing the same data as card_info should be returned
var decryptedCardInfo = decryptCardInfo(encryptedCardInfo, card_info_key);

Besides, what encryption and decryption algorithm should I use?

Community
S.C.

1 Answer

2

This is not a technical issue because you simply aren't allowed to implement such functionality (unless you make the app PCI DSS compliant). See "How to save credit card data in a database?" for more info and links.

Community
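The round trip sketched in the question, written out as an added example (not code from either poster): it assumes Node.js's built-in crypto module and picks AES-256-GCM, a choice the page itself does not make. The 32-byte key is generated locally as a stand-in for the question's getCardInfoKeyFromServer, and tryDecrypt and flipLastBit are hypothetical helpers. It shows only the encryption mechanics and does not bear on the PCI DSS point raised in the answer.

```javascript
// Added example: AES-256-GCM round trip for the question's two helpers.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const IV_LEN = 12;   // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;  // 128-bit authentication tag

// Returns base64(iv || tag || ciphertext). key must be a 32-byte Buffer.
function encryptCardInfo(cardInfo, key) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new TypeError('card_info_key must be a 32-byte Buffer');
  }
  const iv = randomBytes(IV_LEN);          // fresh per encryption, never reused
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(cardInfo), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the key is wrong or the token was modified.
function decryptCardInfo(token, key) {
  const raw = Buffer.from(token, 'base64');
  if (raw.length < IV_LEN + TAG_LEN) throw new Error('token too short');
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);                // checked inside decipher.final()
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Hypothetical helper: null instead of an exception on failure.
function tryDecrypt(token, key) {
  try { return decryptCardInfo(token, key); } catch { return null; }
}

// Hypothetical helper: flip one bit so tampering can be demonstrated.
function flipLastBit(token) {
  const raw = Buffer.from(token, 'base64');
  raw[raw.length - 1] ^= 1;
  return raw.toString('base64');
}

// Constructed demo values: the key stands in for the server-issued one.
const demoKey = randomBytes(32);
const demoCard = { number: '1234123412341234', cvc: '789', expiry: '12-2020' };
const demoToken = encryptCardInfo(demoCard, demoKey);
```

Because GCM is authenticated, a token decrypted with the wrong key or altered in storage is rejected outright rather than yielding garbage card data.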