4

We are developing an iPhone app for selling some things. We want to help users buy quickly ("in 1 touch"). I found similar questions, but they are all about websites.

Could you answer: is it legal to save the details of a CC (number, name, exp date, without the CVC code, which the user has to enter on the payment page) inside the app on the device? All data is stored only inside the app.

From our side it looks like this: the user saves data in his profile and uses this info to quickly fill in the payment form inside our app. If the user loses his device, it's his fault :) or am I wrong?

ckittel
Ilia

4 Answers

16

It is legal to store credit card data in your application. However, your application needs to be PCI compliant. Read up on this here: https://www.pcisecuritystandards.org/. There are hefty fines that VISA/Mastercard can leverage if a fraud breach occurs due to your software, up to hundreds of thousands of dollars per transgression. This isn't the kind of thing to mess with lightly.

DJ Quimby
3

DJ Quimby has it right (his answer is in this feed). Once you complete the development of a mobile app that allows for credit card payments, you'll need a third party to perform a security assessment and determine whether you have satisfactorily met the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS) version 1.2 related to the protection of cardholder data. If you're storing the full credit card number and/or expiration date in your app, it will not pass this PCI assessment. Without passing the assessment, your app will be rejected by the iTunes app store.

robbnotes
2

Yes, it's legal.

No, it's probably not something your merchant bank will be a fan of.

No, it's not a good idea at all.

No, Apple won't approve your app.

ceejayoz
  • "No, Apple won't approve your app." - Can you provide a link that details this? If it's something that Apple strictly prohibits it would be great to see that in their developer agreement, etc. – SomethingOn Jan 17 '17 at 16:21
  • 1
    @SomethingOn Apple's rules leave a lot of leeway for them to reject stuff for "holy shit this is a horribly dangerous idea" without that being an explicit guideline. – ceejayoz Jan 17 '17 at 16:41
0

I am guessing that you plan on developing your own in-app payment system. This is forbidden by Apple. You must use the StoreKit framework. Apple already stores the credit card info on their side, so you have one less problem to think about :)

MLefrancois
  • In our variant the user can save some CCs in the profile, like: Pay by Master *****1111 / Visa *****2222 – Ilia Mar 29 '11 at 13:52