Abishek Chozhan

Reputation: 51

Is it safe to send credit card details securely over http POST using Swift?

The API that I'm using requires me to send Credit Card Details to complete payment through an HTTP POST request (through Swift). Is this safe by any means? And moreover, how do I securely store credit card information for repeated payments?

The credit card holder's name, credit card number, cvc, and date of expiry are all sent over a POST request. Then, the API returns whether the payment was successful, and the last four digits of the credit card number.

Simply put, I'm not entirely familiar with payment security, and would like to know if this is safe, and moreover how to save payment information securely using Swift, even if that's possible. I don't think I can use Stripe for this process, but I would love to know if that's possible as well.

EDIT: I have confirmed that the API I'm using does in fact employ an HTTPS connection, and not simply an HTTP server. At this point, I know not to save credit card information locally and that I should retrieve it from a third party service before handling it. Thanks All!

Upvotes: 2

Views: 5924

Answers (4)

Tal Kohavy

Reputation: 609

Just to make things absolutely clear:

The answer is NO. Even if one is using https!

While HTTPS encryption may satisfy some legal requirements, it's generally advisable to encrypt sensitive data like credit card numbers on the client side as well to ensure maximum protection and compliance with relevant laws and standards.

Since your case involves an API that you reach out to... you have no choice. But I still wanted to state this fact about https not being entirely secure, so that others who may stumble upon this thread know the whole story and are aware of the risks.

Upvotes: 2

phamot

Reputation: 384

Sending any sensitive information over HTTP is not secure and not recommended. Most of the payment gateways don't allow you to establish a session on HTTP. Even if you are using HTTPS, usually sensitive information is encrypted and sometimes encoded on the client end, and the server decrypts, decodes and processes it, which in turn gives double security to the requests you make.

Upvotes: 0

elk_cloner

Reputation: 2149

Just append an 's' to your http, then it's permissible. http is insecure as already mentioned by @t0mm13b. So it's not safe.

There is a nice post.

Edited:

Don't be just happy that appending 's' is sufficient though. :)

Upvotes: 3

Jack G.

Reputation: 3941

Using Swift or any other programming language and sending sensitive information over HTTP is not secure as mentioned in the comments.

Instead you should use an HTTPS connection.

Upvotes: 0
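
As an added example (not code from the question or from any of the answers), here is a Swift client that refuses to send card fields to anything other than an https:// endpoint, uses an ephemeral session so nothing is written to an on-disk cache, and keeps only the success flag and last four digits that the API returns. The endpoint, the JSON field names and the type names are assumptions, since the page does not name the API.

```swift
import Foundation

// Hypothetical request/response shapes; the real API's field names are not given on the page.
struct CardPayment: Encodable {
    let holderName, number, cvc, expiry: String
}
struct PaymentResult: Decodable {
    let success: Bool
    let last4: String
}
enum PaymentError: Error { case insecureEndpoint }

/// Builds the POST request, refusing any endpoint whose scheme is not https.
func makePaymentRequest(endpoint: URL, card: CardPayment) throws -> URLRequest {
    guard endpoint.scheme?.lowercased() == "https" else {
        throw PaymentError.insecureEndpoint
    }
    var request = URLRequest(url: endpoint)
    request.httpMethod = "POST"
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.cachePolicy = .reloadIgnoringLocalCacheData
    request.httpBody = try JSONEncoder().encode(card)
    return request
}

/// Ephemeral session: no persistent cache, cookie store or credential store.
func makePaymentSession() -> URLSession {
    let config = URLSessionConfiguration.ephemeral
    config.urlCache = nil  // also drop the in-memory response cache
    return URLSession(configuration: config)
}

/// Sends the card once; the caller receives only the success flag and last four digits.
func pay(endpoint: URL, card: CardPayment,
         completion: @escaping (Result<PaymentResult, Error>) -> Void) {
    do {
        let request = try makePaymentRequest(endpoint: endpoint, card: card)
        let session = makePaymentSession()
        session.dataTask(with: request) { data, _, error in
            if let error = error { completion(.failure(error)); return }
            completion(Result { try JSONDecoder().decode(PaymentResult.self, from: data ?? Data()) })
        }.resume()
        session.finishTasksAndInvalidate()  // lets the task finish, then releases the session
    } catch {
        completion(.failure(error))
    }
}
```

The card fields live only in the `CardPayment` value passed in; nothing here writes them to `UserDefaults`, files or logs, which matches the asker's conclusion not to store card data locally.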
