Before you connect to Client Side Encryption

You have three options on the client side: JavaScript, Android and iOS.

What to consider before you add Client Side Encryption:

Prerequisite: You're connected to us via aDirectintegration, and have contacted your Relationship Manager to enable Client Side Encryption (CSE).

Required PCI DSS Compliance

CSE integration requires you to be PCI DSS compliant to a level of Self Assessment Questionnaire A-EP or above, in accordance with the latest PCI DSS standards (v3.2.1). Your particular level of compliance may differ depending on your own unique setup, so we recommend consulting a QSA to make sure you're set up in the right way to meet your desired PCI DSS level.

Data best practice

Bear in mind that:

  • When submitting your shopper's detail to your server, make sure you exclude all of the cardholder data (name, number, expiry date, cvc). If you do this from a HTML form, be sure to remove the name="[YOUR FIELD NAME]" attribute from the HTML <input> element. The only time cardholder data should pass through your server is in the encrypted format generated by the CSE libraries. Receiving raw cardholder data on your server could jeopardise your PCI DSS compliance.

  • When the encrypted cardholder data is received by your server it should never be stored. If you want to store your shopper's payment information for later use, you should use CSE to generate a token and store this instead. Storing the encrypted cardholder data could jeopardise your PCI DSS compliance.

Browser Compatibility

Client Side Encryption is compatible with most modern browsers, including Internet Explorer, Mozilla Firefox, Google Chrome, and Safari.

Note: We cannot guarantee that Client Side Encryption will work if a shopper is using an out-dated version of the above browsers.

Android integration

Supported formats

Worldpay CSE Android SDK supports:

  • Android SDK 2.2 onwards

  • JDK 1.6 onwards

  • Android Studio 1.2.1 onwards

  • Gradle 2.2.1 onwards

  • Build Tools 22.0.1 onwards


Worldpay CSE SDK depends on two external libraries:

iOS integration

Supported formats

Worldpay CSE iOS library supports:

  • iOS 7.0 onwards

  • Xcode 6.4 onwards

    Note: With the launch of iOS 9 Apple have changed the minimum requirements for security on web connections. Please see the Apple site for more information:


Worldpay CSE SDK depends on AES and RSA implementations fromOpenSSL.

Key Rotation

We provide the ability to change your keys. SeeKey Rotationfor details.