Before you connect to Client Side Encryption
What to consider before you add Client Side Encryption:
Prerequisite: You're connected to us via a Direct integration, and have contacted your Relationship Manager to enable Client Side Encryption (CSE).
CSE integration requires you to be PCI DSS compliant to a level of Self Assessment Questionnaire A-EP or above, in accordance with the latest PCI DSS standards (v3.2.1). Your particular level of compliance may differ depending on your own unique setup, so we recommend consulting a QSA to make sure you're set up in the right way to meet your desired PCI DSS level.
Data best practice
Bear in mind that:
When submitting your shopper's detail to your server, make sure you exclude all of the cardholder data (name, number, expiry date, cvc). If you do this from a HTML form, be sure to remove the name="[YOUR FIELD NAME]" attribute from the HTML <input> element. The only time cardholder data should pass through your server is in the encrypted format generated by the CSE libraries. Receiving raw cardholder data on your server could jeopardise your PCI DSS compliance.
When the encrypted cardholder data is received by your server it should never be stored. If you want to store your shopper's payment information for later use, you should use CSE to generate a token and store this instead. Storing the encrypted cardholder data could jeopardise your PCI DSS compliance.
Client Side Encryption is compatible with most modern browsers, including Internet Explorer, Mozilla Firefox, Google Chrome, and Safari.
Note: We cannot guarantee that Client Side Encryption will work if a shopper is using an out-dated version of the above browsers.
Worldpay CSE Android SDK supports:
Android SDK 2.2 onwards
JDK 1.6 onwards
Android Studio 1.2.1 onwards
Gradle 2.2.1 onwards
Build Tools 22.0.1 onwards
Worldpay CSE SDK depends on two external libraries:
GSON - for JSON serialisation
Worldpay CSE iOS library supports:
iOS 7.0 onwards
Xcode 6.4 onwards
Note: With the launch of iOS 9 Apple have changed the minimum requirements for security on web connections. Please see the Apple site for more information: https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/
Worldpay CSE SDK depends on AES and RSA implementations from OpenSSL.
We provide the ability to change your keys. See Key Rotation for details.