Is it legal to send a credit card number over the air from an iPhone app?

Question

We have a situation where a client would like us to send a CC number to a secure web service via https from our iPhone app. The CC is not being processed on the phone- it just needs to be sent to the web service where it is later processed on the server.

What is the legality of doing this? Will Apple still approve the app with this kind of functionality? What kind of encryption needs to be applied to the credit card #?

Thanks

It's probably *legal* to do it - Apple doesn't make the law. — FrustratedWithFormsDesigner, Feb 15 '12 at 16:50
Since you're using https isn't everything already encrypted? — Mike B, Feb 15 '12 at 16:51
Just make sure that your iPhone application is PCI compliant. For instance, don't save the number in plain text on the phone itself. https://www.pcisecuritystandards.org — DJ Quimby, Feb 15 '12 at 16:54
This is not really a coding question and probably doesn't belong here. — picciano, Feb 15 '12 at 17:28

score 3 · Answer 1 · answered Feb 15 '12 at 16:55

3

There is no one correct answer, since the security requirements depend on what kind of credit card (Mastercard, Visa, etc.), and it looks like you only want to transmit the one card number.

You are required to follow PCI compliance to transmit the CC number.

This link should get you looking at the right place: https://www.pcisecuritystandards.org/merchants/how_to_be_compliant.php

answered Feb 15 '12 at 16:55

Paul

139,544
27
275
264

Thanks a lot. The client has PCI compliance on the website but I'm not sure if this extends to the app. – Richard Lovejoy Feb 15 '12 at 17:49

Is it legal to send a credit card number over the air from an iPhone app?

1 Answers1