How do you plan to build a mobile app that accepts payments? Whether it is a fashion m-commerce app or a travel app, it is vital to accept electronic payments for the goods your customers want to buy. As per Forrester research, sales from mobile shopping are on a continuous rise, so it has become essential for app businesses to have a payment processing gateway inside their mobile app that works smoothly.
It is crucial to make financial transactions between different parties effortless on a mobile device. However, as soon as you accept payments, on any device, you must ensure the security of users’ financial data and adhere to the PCI DSS compliance standards.
What is PCI compliance?
For those who have no idea about PCI compliance: it is a bag full of vague requirements, and becoming PCI certified takes months of work even for a company that specializes in storing and processing credit card data.
So what is the right way to securely and correctly create a mobile app that touches financial data? Here we discuss the main options you must consider when creating a mobile app that accepts online payments.
Handle & store card information directly
If your organization is already PCI certified, then half of the job of securing your present system is done, and you might even be able to receive and store card data yourself. Yet a mobile app that touches card data adds new scope. So the next step is to work with your QSA to bring the app and its supporting services into compliance, which requires a lot of time and effort.
In all likelihood, however, your enterprise is not PCI Level 1 compliant and wants to stay compliant while minimizing scope wherever possible. You probably also want to execute on your concept quickly. If that is the case, keep reading to discover a few alternatives.
Existing Mobile POSs
If you want a generic way of accepting payments from customers, consider a mobile point-of-sale app like PayPal Here or Square. For a transaction fee (mostly between 2.5% and 3%) you can start swiping cards with little up-front cost and setup time.
This works wonders when selling goods in a card-present environment, like a local store or marketplace: there is no worry about PCI compliance, and funds are deposited to your account within two days. However, if you want a branded payment experience, want to distribute your own app, or need to operate in a card-not-present environment, it won’t work for you. Look instead for a gateway-specific mobile component.
Mobile Payment Widget
A number of gateways offer mobile-specific libraries that make accepting payments inside a mobile app a lot easier. These libraries ship their own payment UI components, which make the payment process effortless in a custom mobile app.
Prominent payment gateways like Braintree, PayPal and Stripe/Venmo Touch offer sturdy mobile libraries. If you already use one of these, or are still selecting a gateway for payment processing, go for the one with a well-supported mobile SDK. Their library handles the card information, which limits both your PCI compliance exposure and your implementation effort.
However, this approach has a few shortcomings. First, you lose control of the user experience, because you are opting into the gateway widget’s chosen look and feel. Second, your stored payment data gets locked into that one gateway, which constrains future provider decisions.
Direct card payment integration with a gateway API
A myriad of payment gateways let you process credit card transaction data via their APIs. This may appear simple, but integrating a gateway’s API makes you directly responsible for the security of credit card data, because the data now passes through your mobile app.
Besides, not all payment gateways support an authenticated tokenization process, which is essential when accepting payments from a mobile app. If your gateway API does not provide tokenization, you will additionally have to handle that process on your own.
However, there is one more way to stay PCI compliant without too much hassle: a multi-gateway provider such as Spreedly.
Multi-gateway Mobile access
If you want to collect payment information your own way without getting locked into a single gateway, Spreedly can help. By providing a common API on top of various gateways, Spreedly gives your mobile app a consistent payment processing language.
It supports mobile through a two-phase tokenize/transact API that gives you full control of the UX. Integrating Spreedly with your mobile app still requires the same attention to security as implementing a gateway API directly. In return you get vendor-neutral card storage and processing paired with a highly functional, mobile-compatible API.
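The security benefit of the two-phase flow described here, and the reason a direct gateway integration (previous section) widens PCI scope, is where the primary account number (PAN) travels. The following is an added, self-contained simulation that is not Spreedly's or any gateway's real API: the vault, the merchant backend and the token format are all hypothetical stand-ins, and the card number is the standard Visa test number. It contrasts a direct integration, where the PAN reaches the merchant's server and its logs, with the tokenize/transact flow, where the merchant server only ever handles an opaque token, and includes a log scanner a defender can run to confirm no PAN leaked.

```python
"""Simulated two-phase tokenize/transact checkout versus a direct integration.

Phase 1: the mobile client sends raw card data straight to a PCI-scoped vault
and gets back an opaque token plus non-sensitive display data (last four).
Phase 2: the merchant backend receives only the token and charges with it.
Everything here runs in memory; no real payment provider is contacted.
"""
import re
import secrets

# Anything 13-19 digits long is a PAN candidate; Luhn filters out noise.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(pan: str) -> bool:
    """Standard Luhn checksum used by card networks to catch typos."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class CardVault:
    """Hypothetical PCI-scoped tokenization service (stand-in for Spreedly or a gateway SDK)."""

    def __init__(self):
        self._store = {}

    def tokenize(self, pan: str, exp_month: int, exp_year: int, cvv: str) -> dict:
        if not luhn_valid(pan):
            raise ValueError("invalid card number")
        token = "tok_" + secrets.token_hex(12)   # hypothetical token format
        # The CVV is used only for the authorization and never stored (PCI DSS rule).
        self._store[token] = {"pan": pan, "exp_month": exp_month, "exp_year": exp_year}
        return {"token": token, "last_four": pan[-4:], "exp_month": exp_month, "exp_year": exp_year}

    def charge(self, token: str, amount_cents: int, currency: str) -> dict:
        card = self._store.get(token)
        if card is None:
            return {"ok": False, "error": "unknown token"}
        # Simulated gateway authorization; a real vault would forward to the chosen gateway.
        return {"ok": True, "amount": amount_cents, "currency": currency, "last_four": card["pan"][-4:]}


class DirectIntegrationBackend:
    """Direct gateway integration: the merchant server receives the raw PAN (in PCI scope)."""

    def __init__(self):
        self.log = []

    def purchase(self, pan: str, amount_cents: int, currency: str = "USD") -> dict:
        # A routine request log line is enough to pull the whole server into PCI scope.
        self.log.append(f"purchase pan={pan} amount={amount_cents} {currency}")
        return {"ok": luhn_valid(pan), "amount": amount_cents, "currency": currency}


class TokenizedBackend:
    """Tokenize/transact integration: the merchant server only ever sees tokens."""

    def __init__(self, vault: CardVault):
        self.vault = vault
        self.log = []

    def purchase(self, token: str, amount_cents: int, currency: str = "USD") -> dict:
        self.log.append(f"purchase token={token} amount={amount_cents} {currency}")
        return self.vault.charge(token, amount_cents, currency)


def scan_for_pan(lines) -> list:
    """Defensive check for log hygiene: return every line containing a Luhn-valid PAN."""
    return [line for line in lines if any(luhn_valid(m) for m in PAN_RE.findall(line))]


def run_tokenized_checkout(vault, backend, pan, exp_month, exp_year, cvv, amount_cents):
    """The two-phase flow: client -> vault (phase 1), client -> merchant -> vault (phase 2)."""
    card_ref = vault.tokenize(pan, exp_month, exp_year, cvv)        # phase 1, on the device
    result = backend.purchase(card_ref["token"], amount_cents)      # phase 2, merchant side
    return card_ref, result


if __name__ == "__main__":
    TEST_PAN = "4111111111111111"   # standard Visa test number, constructed input
    direct = DirectIntegrationBackend()
    direct.purchase(TEST_PAN, 1999)
    print("direct integration leaked PAN lines:", scan_for_pan(direct.log))

    vault, backend = CardVault(), TokenizedBackend(vault)
    card_ref, result = run_tokenized_checkout(vault, backend, TEST_PAN, 12, 2030, "123", 1999)
    print("tokenized checkout:", result, "leaked PAN lines:", scan_for_pan(backend.log))
```

The point to take from the simulation is that `scan_for_pan` finds the card number in the direct backend's log but nothing in the tokenized backend's log, because the PAN never crossed into merchant-controlled code. Running a scanner like this over real application logs is a cheap way to verify that a tokenized integration has not quietly regressed into handling card data.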
Getting it right
There are a myriad of choices out there, with Braintree (owned by PayPal) and Stripe being the most prominent. However, the technical ability to submit a payment is only part of it: managing the entire process within the app without making it so complex or buggy that users delete the software is just as crucial.
In some respects adding payments to a mobile app may seem simple, but managing every issue, from business intent to security concerns and technology implementation, is not easy. A lot of time and effort goes into it.