What to consider before you add Client Side Encryption:
Prerequisite: You're connected to us via a
CSE integration requires you to be PCI DSS compliant to a level of Self Assessment Questionnaire A-EP or above, in accordance with the latest PCI DSS standards (v3.2.1). Your particular level of compliance may differ depending on your own unique setup, so we recommend consulting a QSA to make sure you're set up in the right way to meet your desired PCI DSS level.
Bear in mind that:
When submitting your shopper's detail to your server, make sure you exclude all of the cardholder data (name, number, expiry date, cvc). If you do this from a HTML form, be sure to remove the name="[YOUR FIELD NAME]" attribute from the HTML
<input> element. The only time cardholder data should pass through your server is in the encrypted format generated by the CSE libraries. Receiving raw cardholder data on your server could jeopardise your PCI DSS compliance.
When the encrypted cardholder data is received by your server it should never be stored. If you want to store your shopper's payment information for later use, you should use CSE to generate a token and store this instead. Storing the encrypted cardholder data could jeopardise your PCI DSS compliance.
Client Side Encryption is compatible with most modern browsers, including Internet Explorer, Mozilla Firefox, Google Chrome, and Safari.
Note: We cannot guarantee that Client Side Encryption will work if a shopper is using an out-dated version of the above browsers.
Worldpay CSE Android SDK supports:
Android SDK 2.2 onwards
JDK 1.6 onwards
Android Studio 1.2.1 onwards
Gradle 2.2.1 onwards
Build Tools 22.0.1 onwards
Worldpay CSE SDK depends on two external libraries:
Worldpay CSE iOS library supports:
iOS 7.0 onwards
Xcode 6.4 onwards
Note: With the launch of iOS 9 Apple have changed the minimum requirements for security on web connections. Please see the Apple site for more information: https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/
Worldpay CSE SDK depends on AES and RSA implementations from
We provide the ability to change your keys. See
Feedback or bugs to report?
Ask our developer community.
Search our documentation, API references and articles.