Security Considerations


Under default configuration, the SDK already incorporates the following security measures:


However, when developing your app, you are responsible for reviewing and implementing the following security considerations:



App Transport Security (ATS)

You must configure your app properly for App Transport Security (ATS).
Click here to learn how.



Third-Party Keyboard Support

By default, iOS allows third-party apps to override the built-in keyboard. This may pose a risk to the security and compliance of your app, as keystrokes or words may be leaked to untrusted parties. For these reasons, you must disable third-party keyboard support on your payment form. The following example demonstrates this in Swift:

func application(_ application: UIApplication, shouldAllowExtensionPointIdentifier extensionPointIdentifier: UIApplicationExtensionPointIdentifier) -> Bool {
    if extensionPointIdentifier == UIApplicationExtensionPointIdentifier.keyboard {
        return false
    return true


OWASP Top 10

The Open Web Application Security Project (OWASP) maintains a regularly-updated list of the most pressing web application security concerns. We strongly recommend you follow their latest guidelines. Click here to learn more.



PCI Compliance

When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. Click here to learn more.