Skip to main content

Security

Security is paramount when developing applications for payment terminals. Follow these guidelines to ensure your SmartPOS application meets security requirements.

Compliance Requirements

PCI DSS

Payment Card Industry Data Security Standard compliance is mandatory for all payment applications.

GDPR

General Data Protection Regulation compliance for handling personal data.

Security Best Practices

Data Protection
  • Never store sensitive cardholder data (PAN, CVV, PIN)
    • Encrypt all data in transit
    • Use secure storage for any persistent data
    • Implement proper data retention policies
Code Security
  • Obfuscate and shrink release builds
    • Remove debug logs in production
    • Implement certificate pinning for network calls
    • Use secure random number generation
Access Control
  • Implement proper authentication mechanisms
    • Use principle of least privilege
    • Validate all user inputs
    • Protect against injection attacks
Network Security
  • Use TLS 1.2 or higher
    • Validate server certificates
    • Implement timeout mechanisms
    • Handle network errors securely

WebView Security

Using WebView in payment applications carries significant security risks. Please review the [WebView guidelines](/smartpos/app-development/web-view) carefully before implementation.

Security Review

All applications submitted to the SmartPOS Store undergo security review as part of the certification process.

Resources