Versioning and change log

PCI-SSF assessment and certification

The Checkout Android SDK has gone through a thorough assessment against the PCI-SSF standard and is now certified PCI-SSF compliant. This will help you reduce the scope of your own PCI assessments.

Minimum version requirements:

• The minimum Android version supported by the SDK for the purpose of providing a PCI-SSF compliant solution is Android 13 (minimum API level 33).
• Although the SDK supports Android 8 to 12 it is not PCI-SSF compliant for these versions. This is because Google has stopped supporting/delivering security fixes for these versions.

Version 3 functionality we have removed in version 4:

• Support for using EditText. AccessCheckoutEditText must be used instead. This component is dedicated to capturing and encapsulating your customer's card details to minimize your exposure to PCI data.
• Support for passing card details directly to create an instance of CardDetails.
• Support for using merchantId() in AccessCheckoutClientBuilder to pass your Checkout ID. This is replaced by checkoutId().

Licensing

The Access Checkout Android SDK license is now a proprietary license (previously open source). This is for the purpose of protecting you against a risk of breaking changes in case where the Worldpay APIs, consumed by the SDK, are to change in the future.

Support for enhanced card sessions

The SDK now returns a card session URL in the form of https://access.worldpay.com/sessions/.... Previously, the card session URL looked like this: https://access.worldpay.com/verifiedTokens/sessions/... .

The format of the new card session URL supports our new upcoming Payments API, whilst also remaining compatible with our Verified Tokens API.

Support for SAQ-A compliance

• We have added a new UI component (AccessCheckoutEditText) dedicated to capturing and encapsulating your customer's card details to minimize your exposure to PCI data.

At a high level, you now pass references of instances of this UI component to our SDK. The SDK ensures you don't have to manipulate card details directly. This allows your application to be assessed against the PCI SAQ-A standard.

Version 2 functionality that is deprecated in version 3:

• Support for using EditText (planned removal in version 4).
• Support for directly passing card details to create an instance of CardDetails (planned removal in version 4).
• Support for using merchantId() in AccessCheckoutClientBuilder to pass your Checkout ID is deprecated and replaced by checkoutId() (planned removal of merchantId() in version 4).

Minimum version requirements:

To use all available properties on our Android SDK use API level 26, which is the minimum version for our Checkout SDK versions 3 to 4.1.

However, the majority of properties are also available on API level 21 which is supported by version 4.2.0 of our Checkout SDK. Please refer to our methods table for further details.

You can find further guidance on Android API levels here.

Version 2 has a simplified integration and caters for CVC session creation for our Android and iOS SDK.

In version 4.2.0 of our Checkout Android SDK, we have reduced the minimum supported version of Android from API level 26 to API level 21.

Please note that whilst Android API level 21 is now the minimum version supported by the Android SDK, some properties of the AccessCheckoutEditText component are not available on this API level. For more guidance regarding which properties are supported by the different Android API levels, please refer to our methods table.

We have added support for:

• autofillHints - allowing for credit card information to be auto-filled
• onFocus events - allowing the UI to benefit from dynamic customization

Additionally, we have implemented a fix to ensure the SDK provides appropriate AccessCheckoutExceptions instead of IllegalArgumentExceptions.

PAN formatting allows you to format the card in your checkout form as the customer types.

The card brand configuration allows you to restrict the cards that you accept on your checkout form.

We have increased the lifespan of the CVC session from one minute to 15 minutes.