I am using PhoneGap to build an app which has a form with credit card info whose data gets submitted to my server. The server has SSL on top of it. From there, using the payment gateway API, I generate a token for this credit card in order to process the payment.
Is it safe to directly post to the server, since I use a mobile app and therefore a potential attacker could not interact with the form itself?
I could post the data directly to the payment gateway to retrieve that token, but I would like the server solution since I can handle any errors/exceptions better.
What is your opinion?
If you post card data to your server then you, it, its network and hosting environment must all be PCI compliant, which is a major undertaking and involves significantly more than simply using SSL: Q: Am I PCI compliant if I have an SSL certificate?
I could post the data directly to the payment gateway
Yes. Do this, it's a no-brainer.
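
The flow recommended in the answer, as an added example that is not part of the original thread: the app posts card data to the gateway only and sends its own server just the token, with a guard that refuses any server payload containing a card-number-like value. The URLs, field names and response shape (`token`, `error`) are assumptions, not a real gateway's API.

```javascript
// Added example: hypothetical gateway URL, field names and response shape.
const GATEWAY_TOKEN_URL = "https://gateway.example/v1/tokens"; // placeholder
const SERVER_CHARGE_URL = "https://api.example/charge";        // placeholder

// Luhn check, used only to spot card-number-like values in outgoing payloads.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True if any value in the payload looks like a PAN (13-19 digits, Luhn-valid).
function containsCardNumber(payload) {
  return Object.values(payload).some((v) => {
    if (v !== null && typeof v === "object") return containsCardNumber(v);
    const digits = String(v).replace(/[\s-]/g, "");
    return /^\d{13,19}$/.test(digits) && luhnValid(digits);
  });
}

// Body sent to our own server: token and order data only, never card fields.
function buildServerRequest(gatewayResponse, order) {
  if (!gatewayResponse || typeof gatewayResponse.token !== "string") {
    const reason = (gatewayResponse && gatewayResponse.error) || "no token";
    throw new Error("tokenization failed: " + reason); // surfaced in the app UI
  }
  const body = { token: gatewayResponse.token, orderId: order.orderId, amount: order.amount };
  if (containsCardNumber(body)) throw new Error("refusing to send card data to own server");
  return body;
}

// postJson(url, body) -> Promise<object> is injected: a fetch wrapper in the
// app, a fake in tests. Card data is passed to the gateway URL only.
async function pay(card, order, postJson) {
  const gatewayResponse = await postJson(GATEWAY_TOKEN_URL, card);
  return postJson(SERVER_CHARGE_URL, buildServerRequest(gatewayResponse, order));
}
```

Gateway errors still reach the app through the thrown `tokenization failed` message, so error handling does not require routing card data through the server.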