Need for PCI certification for a custom platform with web control panel and iOS/Android mobile applications.
The level of certification should cover the components involved in the communication reflected in the following flow of information:
1.- From the mobile app the user introduces card number, date and CVV in a native form.
2.- The information is sent directly to our web server.
3.- From our web server it is sent directly to the payment gateway.
4.- The gateway returns a token for that card, and that token is stored on the web server.
At no time the info of the card is stored neither in the apps nor in the server, the only thing that is stored is the token that the bank returns to us.
Development status: Beta
Nº of transactions: 0 . In general we are interested in the level that implies a lower number of transactions, which in principle is the most basic and is the one that fits with the startup models.
TLS 1.2 certificate for communications encryption (required for PCI certification)
- Web control panel (custom Backend). Hosted by Amazon AWS
- iOS Mobile App (Not yet published). Native development
- Android mobile app (not yet published). Native development
The objectives of this project are merely administrative.
Choose and complete the appropriate SAQs to present our audit at PCI SSC Payment Card Industry Professional.
We would also like to know if any of you can certify the audit.
Valid audit and certification for pcisecuritystandards.org
We will only admit people who have previously worked on PCI Payment Card Industry (PCI) projects.
Data Security Standard, audits and certifications of SAQ forms, please abstain candidates without these requirements