The mobile application needs to add the ability to pay for material goods or services using a bank card associated with a user account in the program (not Google). The application works in client-server mode. The following is unclear:
1. Where to store the user's credit card, and in what form (encrypted): on the mobile device or on the backend?
2. What principles exist for securing the stored card data when it is located on the server and on the client? I.e., what algorithms to use for encryption, etc.
3. How to securely transmit payment card between a client and a backend?
4. Which party makes the payment (communicates with the payment system): the mobile device or the backend?
5. Which services are willing to perform such payments in Russia?
6. Whether to use a payment platform via Google Play (as far as I know, there is a high transaction fee of 30%)?
Are there already established best practices for how to do such things in principle?