
I have a third party API that connects directly to a restaurant's POS system. In order to pay for a meal, the API requires that I send credit card information through an HTTPS POST request so that it may be used to complete a payment.

I know not to save any sensitive details on the device itself or on a server that is owned by me. But without doing so, how can I safely request credit card details from the user, save them and then send those details over an HTTPS request in order for a transaction to be completed?

In other words, step by step:

1. User inputs credit card information in App
2. App sends credit card information using an HTTPS request to a third party API
3. Payment is completed

I need to securely gather the credit card information, and somehow save it so that if the user purchases multiple items, they won't have to enter their information every time they order.

  • *"how can I safely request credit card details from the user, save them and then send those details over an HTTPS request in order for a transaction to be completed?"* - You don't save [some] of them. You keep them in memory long enough to complete the transaction. Then you zeroize the memory with the sensitive information. "some of them" would include card numbers and ccv's. PCI-DSS covers this topic (and more). They even offer a [quick reference guide](https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf). Perhaps you should familiarize yourself with it. – jww Jun 06 '17 at 06:49
  • Stack Overflow also has a good selection of similar questions. Maybe you should browse them. These two seem to be duplicates: [Storing credit card details](https://stackoverflow.com/q/206438/608639) and [Storing partial credit card numbers](https://stackoverflow.com/q/1485442/608639). – jww Jun 06 '17 at 06:57
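The "keep it in memory only as long as needed, then zeroize" approach from the first comment, sketched in C as an added example that is not code from this thread. The `send_fn` hook, `pay_once`, the body format and the card values are hypothetical stand-ins for the real HTTPS client and API.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot drop the stores
   as dead writes to a buffer that is about to go out of scope. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical transport hook: a real app would hand the body to its
   HTTPS client here. Returns 0 on success. */
typedef int (*send_fn)(const char *body, size_t len);

/* Build the request body, send it once, then wipe every copy of the card
   data, whether or not the send succeeded. pan and cvv are caller-owned
   mutable buffers of pan_cap / cvv_cap bytes holding NUL-terminated text. */
int pay_once(char *pan, size_t pan_cap, char *cvv, size_t cvv_cap, send_fn send) {
    char body[128];
    int rc = -1;
    int n = snprintf(body, sizeof body, "pan=%s&cvv=%s", pan, cvv);
    if (n > 0 && (size_t)n < sizeof body)   /* reject truncated bodies */
        rc = send(body, (size_t)n);
    secure_zero(body, sizeof body);
    secure_zero(pan, pan_cap);
    secure_zero(cvv, cvv_cap);
    return rc;
}

/* Constructed stand-ins for the network call. */
static size_t last_len;
static int send_ok(const char *body, size_t len)   { (void)body; last_len = len; return 0; }
static int send_fail(const char *body, size_t len) { (void)body; (void)len; return -1; }

static int all_zero(const char *p, size_t n) {
    while (n--) if (*p++) return 0;
    return 1;
}

/* Runs pay_once on a constructed test card; returns 1 if the send result
   is as expected and both input buffers are wiped afterwards. */
int demo(int fail) {
    char pan[20] = "4111111111111111";   /* constructed test number */
    char cvv[5]  = "123";
    int rc = pay_once(pan, sizeof pan, cvv, sizeof cvv, fail ? send_fail : send_ok);
    return rc == (fail ? -1 : 0) && all_zero(pan, sizeof pan) && all_zero(cvv, sizeof cvv);
}

int main(void) { return demo(0) && demo(1) ? 0 : 1; }
```

In languages with immutable strings, the same approach requires collecting the input into a mutable byte or character array, since a string copy cannot be wiped.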
