
I am using Phonegap to build an app which has a form with credit card info whose data gets submitted to my server. The server has SSL on top of it. From there, using the payment gateway API, I generate a token for this credit card in order to process the payment.

Is it safe to directly post to the server, since I use a mobile app and therefore a potential attacker could not interact with the form itself?

I could post the data directly to the payment gateway to retrieve that token but I would like the server solution since I can handle any errors/exception better.

What is your opinion?

dianikol

2 Answers


I really don't like hybrid techs for mobile development. But you need to create some validations like SSH pinning, because an attacker can perform a MITM and maybe they can get some information. Another problem is that using hybrid techs makes it easier to perform reverse engineering, and maybe an attacker can get important data too.

Timoshenko

If you post card data to your server then you, it, its network and hosting environment must all be PCI compliant, which is a major undertaking and involves significantly more than simply using SSL: Q: Am I PCI compliant if I have an SSL certificate?

I could post the data directly to the payment gateway

Yes. Do this, it's a no-brainer.

Alex K.
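The direct-to-gateway flow Alex K. recommends, as an added JavaScript example that is not code from the question or either answer. The gateway tokenisation call is mocked, the `/api/charge` server endpoint is an assumption, and the card number is a constructed test value; the point shown is that the request to your own server carries only the token, which is what keeps the server out of PCI scope.

```javascript
// Mock of a payment gateway tokenisation endpoint (constructed; real
// gateways differ). It receives the card and returns an opaque token.
let tokenSeq = 0;
function mockGatewayTokenize(card) {
  if (!/^\d{13,19}$/.test(card.number)) {
    throw new Error("gateway rejected card number format");
  }
  // Only the last four digits survive in the token, as gateways commonly do.
  return { token: "tok_" + card.number.slice(-4) + "_" + String(++tokenSeq).padStart(6, "0") };
}

// Walk any JSON-serialisable payload and report whether some field contains
// the full PAN (digits only, so formatting with spaces or dashes is caught).
// The CVV is too short to search for reliably, so it is not checked here.
function leaksCardData(value, card) {
  if (typeof value === "string" || typeof value === "number") {
    return String(value).replace(/\D/g, "").includes(card.number);
  }
  if (value && typeof value === "object") {
    return Object.values(value).some((v) => leaksCardData(v, card));
  }
  return false;
}

// Client-side checkout: card data goes to the gateway, the token goes to the
// server. The two transports are injected so the flow runs offline.
function checkout(card, order, gatewayTokenize, serverPost) {
  const { token } = gatewayTokenize(card); // card data leaves the device only here
  const payload = { orderId: order.id, amountCents: order.amountCents, cardToken: token };
  if (leaksCardData(payload, card)) {
    throw new Error("refusing to send card data to our own server");
  }
  return serverPost("/api/charge", payload); // hypothetical server endpoint
}
```

The contrasting design from the question, posting `{ orderId, card }` to the server, is exactly what `leaksCardData` flags.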