Security
Security is paramount when developing applications for payment terminals. Follow these guidelines to ensure your SmartPOS application meets security requirements.
Compliance Requirements
PCI DSS
Payment Card Industry Data Security Standard compliance is mandatory for all payment applications.
GDPR
General Data Protection Regulation compliance for handling personal data.
Security Best Practices
Data Protection
- Never store sensitive cardholder data (PAN, CVV, PIN)
- Encrypt all data in transit
- Use secure storage for any persistent data
- Implement proper data retention policies
Code Security
- Obfuscate and shrink release builds
- Remove debug logs in production
- Implement certificate pinning for network calls
- Use secure random number generation
Access Control
- Implement proper authentication mechanisms
- Use principle of least privilege
- Validate all user inputs
- Protect against injection attacks
Network Security
- Use TLS 1.2 or higher
- Validate server certificates
- Implement timeout mechanisms
- Handle network errors securely
WebView Security
Using WebView in payment applications carries significant security risks. Please review the [WebView guidelines](/smartpos/app-development/web-view) carefully before implementation.
Security Review
All applications submitted to the SmartPOS Store undergo security review as part of the certification process.