+3 votes
by
The mobile application needs to add the ability to pay for material goods or services using a bank card associated with a user account in the program (not Google). The application works in client-server mode. The following is unclear:
1. Where to store the user's credit card, and in what form (encrypted): on the mobile device or on the backend?
2. What principles exist for securing the stored card data, whether it is located on the server or on the client? I.e., what algorithms to use for encryption, etc.
3. How to securely transmit the payment card between the client and the backend?
4. Which party makes the payment (communicates with the payment system): the mobile device or the backend?
5. Which services are willing to perform such payments in Russia?
6. Should the payment platform via Google Play be used (as far as I know, there is a high transaction fee of 30%)?
Maybe there are already established best practices for how to do such things in principle?

4 Answers

0 votes
by
You can use the OpenIAB lib. Through it you can pay in several stores.
by
So it does not work with bank payment systems.
0 votes
by
PayPal?
There is also Stripe, but you need a company in the United States or in one of these countries: https://stripe.com/global
You can receive money from anywhere.
by
belozerow: I know that card details are not stored on the user's side but in the payment service. The payment service first generates a card token, which you can save in the application and use in the future to make repeat payments. But again, is it safe to store the token, and what happens if it leaks?
by
asdz: Well, PayPal works in Russia; we use it in one of our applications for the sale of services.
Storing card data anywhere is, in my opinion, not a very good option.
by
Hassles with foreign countries are not of interest. And how, after all, is the card data stored in the profile? Or maybe there are third-party services?
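
The token flow discussed in the comments above, as an added example (not code from any poster or from a real payment service): a constructed in-memory mock in which the card number lives only in the payment service's vault, the backend profile keeps just the token and last four digits, and a token is honoured only together with the issuing merchant's secret key. The class and method names and the merchant-scoped token rule are assumptions of this example.

```python
import hmac
import secrets


class MockPaymentService:
    """Constructed stand-in for a payment service's card vault (hypothetical API)."""

    def __init__(self):
        self._keys = {}    # merchant_id -> secret key, held only by that merchant's backend
        self._vault = {}   # token -> (merchant_id, card number)

    def register_merchant(self, merchant_id):
        self._keys[merchant_id] = secrets.token_hex(16)
        return self._keys[merchant_id]

    def tokenize(self, merchant_id, pan):
        """First payment: the app sends the card here, not to the merchant backend."""
        if merchant_id not in self._keys:
            raise PermissionError("unknown merchant")
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the card
        self._vault[token] = (merchant_id, pan)
        return token, pan[-4:]

    def charge(self, merchant_id, secret_key, token, amount):
        """Repeat payment: needs the merchant's secret key and a token issued to it."""
        expected = self._keys.get(merchant_id)
        if expected is None or not hmac.compare_digest(expected, secret_key):
            raise PermissionError("bad merchant credentials")
        owner, pan = self._vault.get(token, (None, None))
        if owner != merchant_id:
            raise PermissionError("token not valid for this merchant")
        return {"status": "paid", "amount": amount, "card": "****" + pan[-4:]}


def demo():
    psp = MockPaymentService()
    shop_key = psp.register_merchant("shop")
    other_key = psp.register_merchant("other")
    # Constructed test number, not a real card.
    token, last4 = psp.tokenize("shop", "4242424242424242")
    profile = {"user": "alice", "card_token": token, "last4": last4}  # all the backend keeps
    paid = psp.charge("shop", shop_key, profile["card_token"], 500)
    try:  # the same token replayed under another merchant's credentials
        psp.charge("other", other_key, token, 500)
        replay_ok = True
    except PermissionError:
        replay_ok = False
    return profile, paid, replay_ok


if __name__ == "__main__":
    print(demo())
```
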
0 votes
by
Wait until the end of Google I/O. They promised to show Android Pay.
0 votes
by
If it's goods, then the best choice is the standard Google payment system.

As for getting the card linked to the account, I think it's impossible; otherwise this is a security hole.
...