3

I"m starting work on an iOS application that will have an ipad work as a kiosk to purchase food and apparel.

Also we'll be setting the app up as a html5 webview with all the credit card processing happening on our own platform offsite. So the app opens, the user(checkout clerk) is presented with mobile site version of items for sale and they tap on then items to add them to the basket.

When finished a card is swiped and that information is sent from the native app to the html form which then posts the information to our credit card processor.

So my two questions are

1) What good credit card readers exist that work with the ipad and support sending unencrypted card data into a native iOS app.

2) How do I get the data from the native app into the html page to post it to our servers.

Aglystas
  • 379
  • 6
  • 19
  • 1
    unencrypted credit card data is never good. But here is a reader that may work for you: http://www.magtek.com/V2/products/secure-card-reader-authenticators/iDynamo.asp it's encrypted but do able – mkral Jul 10 '12 at 21:11
  • Nothing but the app would see the unencrypted data. I would create an https post to send the data. So really it would only exist in memory for the extent of getting it from the card to the https post, then it would for away. – Aglystas Jul 10 '12 at 21:17
  • I understand but that still seems shady to me. I'm more likely to use a familiar interface such as Square, PayPalHere than just swipe my card on some app. Even though you trust yourself other's probably wont trust you. – mkral Jul 10 '12 at 21:20

3 Answers3

2

1) If you process unencrypted credit card data you need to be PCI-DSS certified. Providers such as payworks exist to help you get around this requirement.

2) You could package your Web Application as native app and integrate one of the existing iOS / Android SDKs.

Disclosure: I am a software engineer at payworks.

Korbinian Breu
  • 211
  • 2
  • 7
1

I implemented the app using an iMag card reader by idtech which plugs into the old iphone 30 pin connector. The documentation isn't great but their development kit does come with an example program to install on your iOS device, that you can use as an example.

I've also implemented it using the Shuttle card reader by idtech, which plugs into the audio jack similar to square and other popular platforms. This can also be purchased with a development kit and works on both iOS and Android platforms and works with newer iOS devices that don't have the old 30 pin connector.

The second question is quite a bit longer to explain, so I'll just say it depends on the device you're using, the firmware on it, and the documentation. Typically there will be some service running listening for card swipes and a notification will occur when a card is swiped that your app will have to listen for.

Aglystas
  • 379
  • 6
  • 19
  • Hi, was you able to parse smart card data using idtech audio jack device? I can get the data using SDK but I guess it is encrypted.I would appreciate any help. – Sarah Jan 22 '14 at 12:12
  • I'm not positive if a "smart card" is different than your standard credit card. As far as I know all the credit cards we've attempted to process using the iMag grabbed the credit card information correctly unencrypted. It is in the magnetic stripe format which you can see here... http://en.wikipedia.org/wiki/Magnetic_stripe_card – Aglystas Jan 23 '14 at 14:27
  • Thanks for your response. Yes, I was able to get the magnetic stripe data but could not read data from smart card chip. As I'm using different idtech device called UniPay. And the SDK and manuals are not helping at all. – Sarah Jan 23 '14 at 16:43
  • Hello @Aglystas, I know this is a really old thread. But I'm having the hardest time working with idtech's iMag Pro II. I'm using this SDK: https://atlassian.idtechproducts.com/confluence/display/KB/iMag+Pro+II+(IDMR-AL30XXXa(A)-ZZ)+-+Home I get the card's data but it's encrypted. Is there a way I can decrypt this data? If no, what is the purpose of encrypting card readers if you can't read card's data? We're processing payments using stripe and I need to provide it with card's number, name and expiration date. – binchik Jan 09 '18 at 18:00
  • @binchik I never used the encryption features for that app, it simply allowed me to pull down the stripe data unencrypted. This thread is so old I wouldn't be surprised if the firmware doesn't allow unencrypted transmission anymore or at least default to encrypting the data. My guess is the documentation describes a method of decrypting the data, either resetting the encryption key to a known value or using a default key that is hardcoded on the firmware. – Aglystas Jan 09 '18 at 20:02
  • @binchik a quick look at the docs and I found this excerpt... "ID TECH card readers do not provide decryption capability in firmware. Decryption of transaction data is usually done on the back end (by the party that will approve and/or clear a transaction). It can also be done in a test environment. But is not typically done in an application, at transaction time, in a live production environment, because the storage or transmission of sensitive customer data in cleartext form runs counter to PCI DSS requirements (and constitutes a "worst practice," in security terms). " – Aglystas Jan 09 '18 at 20:11
  • Thank you @Aglystas. Really helpful! – binchik Jan 10 '18 at 04:57
0

Not a card reader per se, you may want to check out card.io, as used by the PayPal iOS SDK.

Ric Santos
  • 15,419
  • 6
  • 50
  • 75