I am developing an Android app that selling mobile credits over the internet. My app just keeps user credit card information and never saving any password. I am in Iran and my country isn't accept any foreign banking system.So I can use only local payment system and I can't use any third party API out there over the Internet. I'm struggling how to make my app secure according to PCI documentation. I googling a lot and find some solution out there but I am not sure if it is an effective solution in Iran. Here is some solutions that I found:
How to store data into Secure Element in android
Secure element Access Control on ICS 4.0.4
Java Card Applet and Host-based Card Emulation of Android Kitkat 4.4
PCI DSS compliant related to the Mobile Application payment
So any help will be appreciated.
