Phone application getting credit card information will pass PCI scan?

I'm building an app to collect payments. I need to get the credit card information from the user, and then, using AJAX (to an SSL URL), send that info to the website. The website itself does not store the credit card info, and neither does the phone application. Assuming that the website is PCI compliant, could the app be considered a security risk? Would it pass a PCI scan, if there is a PCI scan for apps?



Solution 1:[1]

You can't really PCI scan people's web browsers (nor phones), so those wouldn't be scanned.

However, if your website is acting as a middleman or passing card data along elsewhere, or is in some way connected to the app (which it very likely is: login validation, etc.), then it would be in scope of PCI and would need a PCI scan.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 BuyerShield.com