2

What is the most secure way to post credit card information from my iPhone application to a Windows server?

My iOS app sells some goods, like dresses.

Michael Petrotta
Sbarut

4 Answers

1

(IANA Credit card merchant, I only play one here after reading other SO questions)

If you are dealing with explicit credit card data then you should be PCI compliant across your whole system. See things like:

pci security standards

and

pci compliance guide

If you are automating this (i.e., buy a dress from your iPhone), the CC merchant that you are dealing with should have well-defined protocols for handling credit cards. You should be asking them how they want the data sent. My general understanding is that you do not retain anything and just pass it through to the company who does all the financial stuff for you and then just passes back a validation for the transaction.

Peter M
1

Look Michael. There are the following ways through which you can post your credit card information from your iPhone application to a Windows server. First, you can use "https://" when you are posting your credit card information, because all of your information goes through a secured channel. The second option to post your credit card information from your iPhone app to a Windows server is to connect yourself with a VPN connection. I usually use a VPN connection when I want to secure my sensitive data. Currently I am using a PureVPN connection, which encrypts all of my sensitive information; all the information passes through a secured encrypted tunnel and no unauthorized person can access my sensitive information.

simon
1

I completely agree with Shivam and Simons. Mostly we have all e-commerce sites hosted on "https", which allows users to freely put in their CC details and shop wherever they want to. Apart from this, if you are willing to surf around and shop through an application on your iOS phone, then I think you should considerably google for VPN. It is one of the best and most reliable tools these days, which enables users not only to make e-commerce transactions through a secure channel but also protects users' data in all aspects. I think going for certificates won't be a good option, as it involves certain procedures and guidelines.

Sabih
0

If it is a web service that you connect to on your Windows server, you can make the server SSL-enabled and have the client (iPhone app) POST your data using the https link.

If this is some proprietary service using some proprietary protocol, you can consider using public key cryptography. Encrypt data with a one-time AES key. Send the encrypted data. Encrypt the AES key with your public key and send it along. The server decrypts the symmetric AES key with your private key and thereafter decrypts the data!

I'd personally prefer the first option (SSL) over the second any time!

CodeExpress
  • Thanks for your help. But I have another question. If I use SSL post, should I use any encryption or certificate when I post credit card number etc.? Can you give me some example about https posting? – Sbarut Feb 22 '12 at 20:34
  • Initially, you'll have to procure a certificate from a Certificate Authority (CA). You can buy a certificate from many sites, like [godaddy](http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo003c). So you'll receive a certificate and a private key from the CA. Once you've configured your server, you'll serve your website on port 443 instead of 80. Then from the application point of view, your workflow won't change. Instead of using http you'll use https to POST to the same page. You need not send any certificate or explicitly encrypt anything. No changes in the web code. – CodeExpress Feb 22 '12 at 20:56
  • Thanks for your help Shivam. Have a nice day. – Sbarut Feb 23 '12 at 08:20
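
The second option in the last answer (encrypt the data with a one-time AES key, wrap that key with the server's public key, unwrap and decrypt on the server), shown end to end with both sides in one file. This is an added example, not code from the original answer. The choice of Node.js, AES-256-GCM, RSA-OAEP with SHA-256, the function names and the sample payload are all assumptions of the example, and the key pair is generated in-process only so that it runs offline.

```javascript
// Added illustration (not from the original answer): hybrid encryption of a
// payment payload, client side and server side in one file.
const nodeCrypto = require('node:crypto');

// Assumption: in a real deployment the server key pair already exists and only
// the public key ships with the app. Generated here so the example runs offline.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: encrypt the payload under a fresh AES-256-GCM key, then wrap that key
// with the server's RSA public key.
function clientEncrypt(serverPublicKey, plaintext) {
  const aesKey = nodeCrypto.randomBytes(32);   // one-time key, never reused
  const iv = nodeCrypto.randomBytes(12);       // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Server: unwrap the AES key with the private key, then decrypt and verify.
// decipher.final() throws if the ciphertext or tag was modified in transit.
function serverDecrypt(serverPrivateKey, msg) {
  const aesKey = nodeCrypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample payload using a well-known test card number.
const SAMPLE = JSON.stringify({ pan: '4111111111111111', exp: '12/30' });

// Client encrypts, server decrypts: the payload must come back unchanged.
function roundTrip() {
  return serverDecrypt(privateKey, clientEncrypt(publicKey, SAMPLE));
}

// A single flipped ciphertext bit must make the server reject the message.
function tamperIsRejected() {
  const msg = clientEncrypt(publicKey, SAMPLE);
  msg.ciphertext[0] ^= 0x01;
  try { serverDecrypt(privateKey, msg); return false; } catch (e) { return true; }
}
```

Only the public key would be embedded in the app; the private key stays on the server.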