
Storing Credit Card details in the iPhone App

We are developing an iPhone app for selling some things. We want to help users buy quickly ("in 1 touch"). I found similar questions, but they are all about websites.

Can you answer: is it legal to save the details of a CC (number, name, exp date, without the CVC code, which the user has to enter on the payment page) inside the app on the device? All data is stored only inside the app.

From our side it looks like this: the user saves data in his profile and uses this info to quickly fill in the payment form inside our app. If the user loses his device, it's his fault :) or am I wrong?

Ilia asked Nov 30 '22 17:11


2 Answers

It is legal to store credit card data in your application. However, your application needs to be PCI compliant. Read up on this here: https://www.pcisecuritystandards.org/. There are hefty fines that VISA/Mastercard can leverage if a fraud breach occurs due to your software, up to hundreds of thousands of dollars per transgression. This isn't the kind of thing to mess with lightly.

DJ Quimby answered Dec 30 '22 08:12


DJ Quimby has it right (his answer is in this feed). Once you complete the development of a mobile app that allows for credit card payments, you'll need a third party to perform a security assessment and determine whether you have satisfactorily met the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS) version 1.2 related to the protection of cardholder data. If you're storing the full credit card number and/or expiration date in your app, it will not pass this PCI assessment. Without passing the assessment, your app will be rejected by the iTunes app store.

robbnotes answered Dec 30 '22 08:12