Security and Stability Considerations for iOS apps


Under default configuration, the SDK already incorporates the following security measures:
  • Prevention of automatically generated screenshots, so that sensitive card details cannot be captured on the device.
  • Jailbreak detection, which disables the SDK's functionality on a jailbroken device because of the security risks such a system poses.

However, when developing your app, you are responsible for reviewing and implementing the following security considerations:


App Transport Security (ATS)

You must configure your app properly for App Transport Security (ATS).
Click here to learn how.
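As an added illustration that is not part of this article or of the SDK, the Info.plist fragments below contrast a configuration that switches ATS off for every connection with one that keeps ATS on and scopes any exception to a single domain. The domain legacy.example.com is a placeholder; the SDK's own payment endpoints should never be listed under NSExceptionDomains.

```xml
<!-- Weak: disables ATS app-wide, so any connection may use plain HTTP
     or outdated TLS. App Store review asks for a justification for this. -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

<!-- Recommended: leave ATS enabled (the default) so every connection must use
     HTTPS with TLS 1.2 or later and forward secrecy. If one host genuinely
     cannot meet that, relax only the minimum needed for that single host
     (placeholder domain: legacy.example.com). -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>legacy.example.com</key>
        <dict>
            <!-- Do not extend the exception to subdomains unless required. -->
            <key>NSIncludesSubdomains</key>
            <false/>
            <!-- Still require HTTPS; only the TLS feature set is relaxed. -->
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <!-- Set to false only if the host cannot negotiate PFS cipher suites. -->
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
        </dict>
    </dict>
</dict>
```

If no exception is needed, omit the NSAppTransportSecurity dictionary entirely; the ATS defaults already enforce the recommended settings.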


Third-Party Keyboard Support

By default, iOS allows third-party keyboard extensions to replace the built-in keyboard. This may pose a risk to the security and compliance of your app, as keystrokes or words may be leaked to untrusted parties. For these reasons, you must disable third-party keyboard support on your payment form. The following example demonstrates this in Swift:

// UIApplicationDelegate callback. iOS asks this before loading any app
// extension; returning false for the keyboard extension point rejects
// third-party keyboards, so only the system keyboard is offered.
func application(_ application: UIApplication,
                 shouldAllowExtensionPointIdentifier extensionPointIdentifier: UIApplicationExtensionPointIdentifier) -> Bool {
    if extensionPointIdentifier == UIApplicationExtensionPointIdentifier.keyboard {
        return false
    }
    // Other extension points keep their default behaviour.
    return true
}


OWASP Top 10

The Open Web Application Security Project (OWASP) maintains a regularly updated list of the most pressing web application security concerns. We strongly recommend that you follow their latest guidelines. Click here to learn more.

PCI Compliance

When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. Click here to learn more.


Minimising app during payment session

There is currently no way for the Mobile SDK to store the current state of the payment session. Therefore, if your app is minimised for a prolonged period (e.g. a few hours), the phone's OS may close the browser session to free memory for other apps, and the state of the transaction may be lost.
