Security Best Practices
Follow these security guidelines to ensure your integration is secure and compliant with payment industry standards.
Overview
- Credential Security: Never hardcode credentials
- Environment Separation: Isolate dev and production
- PIN Protection: Enable PIN pad shuffling
- Location Validation: Detect mocked locations
- Session Management: Handle expiry gracefully
- Data Protection: Never log sensitive data
Credential Management
Security Risk
Hardcoded credentials can be extracted from APK files. Always use secure storage mechanisms.
Bad Practice
Good Practice
Environment Separation
Always use separate environments for development and production:
PIN Pad Security
Shuffle the PIN pad layout to prevent shoulder-surfing attacks:
Location Validation
Detect and block transactions from mocked/fake locations:
Session Security
Implement proper session expiry handling and secure logging:
Production Checklist
| Check | Status |
|---|---|
| Remove hardcoded credentials | Required |
| Set environment to PRODUCTION | Required |
| Disable debug logging (enableLogs = false) | Recommended |
| Enable PIN shuffle for high-security | Recommended |
| Implement location validation | Recommended |
| Handle session expiry gracefully | Required |
| Test with real cards in SANDBOX first | Required |
Network Security
- The SDK uses HTTPS for all communications
- Certificate pinning is implemented internally
- Ensure android:usesCleartextTraffic="false" in production
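A build-time check for the cleartext setting above, as an added example that is not part of the SDK or its documentation. It audits a merged AndroidManifest.xml in Python; the sample manifests are constructed and audit_cleartext is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifests (not taken from any real app).
MANIFEST_OK = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="34"/>
  <application android:usesCleartextTraffic="false"/>
</manifest>"""
MANIFEST_BAD = MANIFEST_OK.replace('"false"', '"true"')
MANIFEST_LEGACY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="27"/>
  <application/>
</manifest>"""


def audit_cleartext(manifest_xml):
    """Return a list of findings; an empty list means the check passes."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return ["FAIL: no <application> element"]
    findings = []
    value = app.get(ANDROID + "usesCleartextTraffic")
    if value is None:
        # Attribute absent: the platform default is "true" when
        # targetSdkVersion is 27 or lower and "false" from 28 on.
        sdk = root.find("uses-sdk")
        target = sdk.get(ANDROID + "targetSdkVersion", "") if sdk is not None else ""
        if not target.isdigit():
            findings.append("FAIL: usesCleartextTraffic unset, targetSdkVersion unknown")
        elif int(target) <= 27:
            findings.append("FAIL: usesCleartextTraffic unset, defaults to true "
                            "at targetSdkVersion " + target)
    elif value.strip().lower() != "false":
        findings.append('FAIL: usesCleartextTraffic="%s", expected "false"' % value)
    if app.get(ANDROID + "networkSecurityConfig"):
        # On Android 7.0+ a Network Security Config overrides the flag.
        findings.append("REVIEW: networkSecurityConfig present, audit that file too")
    return findings


if __name__ == "__main__":
    for name, xml in [("ok", MANIFEST_OK), ("bad", MANIFEST_BAD),
                      ("legacy", MANIFEST_LEGACY)]:
        print(name, audit_cleartext(xml) or "pass")
```

Run it against the merged manifest of the release build, since library manifests can change the final attribute values.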