How to handle credit card information with cryptography on android and Rest
Question
I have a Backend with ASP.NET WebApi and a Android client. Basically, when the user makes a payment I need to send a Credit Card information to my WebApi and make the payment there to my Gateway by REST. But I'm concerned because, somehow or someway these information could be intercepted in some cases. For saving these information on SQL I already have a Cryptography code to do this. I was thinking, should I implement a code to crypt the data from the android to Api and decrypt for making the payment and then use my current cryptography to storage in database? Should I use Rijndael ? Thanks!
1 answers
solution1
2 ACCPTED 2017-06-04 13:02:16
When using HTTPS you should pin the certificate , that means verify that the site you are directly connecting to is the correct site.
This is done be verifying that the certificate presented by the HTTPS connection is the correct site, this avoids MITM attacks .
The the Android client verifies that the connection is directly to your gateway and that your gateway connects directly to the payment site.
You do not need to add anymore security/encryption.
As henry states: consult the PCI DSS documents. See PCI Compliance Guide .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.