Comments (1)
dgoldman-pdx
commented on May 13, 2024
@seamug thanks for that link. Yes, this presentation does a good job of introducing several avenues of attacking a mobile app, especially an iOS POS app. It also provides some really good advice about how to design a POS app, and how to manage its distribution.
In the case of card.io, all that our library does is provide your app a way for the user to visually or manually enter their credit card information. That information is then handed over to your app. By the definition of this task, the information must be handed over in an unencrypted form. So that's an unavoidable point of vulnerability -- if someone has compromised your app.
On a jailbroken device, there's essentially nothing that an attacker can't get to. In implementing card.io, we've taken several steps (of which some were alluded to in this video) to make our library itself more difficult to analyze and compromise. But it's not possible to block all possible avenues of attack, especially on a jailbroken device. And, in any case, card.io eventually hands the unencrypted card information to your app.
As discussed in the video, if you are building a POS app and want to ensure that credit card information is extremely difficult to intercept, you will need to use a hardware card reader that performs hardware encryption before handing the data over to your app.
from card.io-ios-sdk.
Related Issues (20)
- Can't scan bank card picture?
- not able to use CardIO.framework , gives linker error HOT 10
- getting Card Number without spaces HOT 1
- Does Card.io iOS or Android SDK used in an app gets the app into PCI scope? Can Card.io be out of PCI scope for the app? HOT 2
- How to get UIImage from CardIOCreditCardType
- Not allow 18 digits credit cards HOT 1
- Crash with Accessibility mode enabled
- Can't change the navBar topItems title.
- Card.io Does not scan non - Embossed Digits Credit Cards HOT 3
- No such module 'CardIO'
- Is there a way to get the card type by number without scanning? HOT 1
- CardHolder name HOT 2
- Warning caused by old CardIO HOT 3
- Doesn't scan expiration date
- how can i get scanned credit card image without compression?
- Failed to build in XCode 10 & Swift 4.2 HOT 2
- Can scan, no results obtained HOT 1
- How can I change the navigation bars bar items? HOT 1
- Not able to add Maestro card HOT 4
- Can't scan any card
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from card.io-ios-sdk.