• Ghoelian
    link
    fedilink
    English
    102 months ago

    McDonald’s was just an example, the point is most apps don’t need to do that at all.

    I do happen to know how payment systems like that work, and thankfully those are all cloud-based, the only thing the app does is start transactions and check with the server if they’re paid. If they implemented it well, as I suspect a big corpo like McDonald’s probably would, their own order screen also checks server-side if orders are paid. Not much you can do from the app side to mess with that.

    • ℍ𝕂-𝟞𝟝
      link
      fedilink
      English
      1
      edit-2
      2 months ago

      the only thing the app does is start transactions and check with the server if they’re paid

      Yeah, but the whole PCI DSS thing means that the app must still be secured. That doesn’t necessarily mean that it has to be tied to Google Play, but explain it to them.

      • Ghoelian
        link
        fedilink
        English
        22 months ago

        Afaik that only applies if the app is processing payments, which in this case it shouldnt be.

        • ℍ𝕂-𝟞𝟝
          link
          fedilink
          English
          12 months ago

          A lesser standard still applies if it either embeds or redirects to a payment page. Again, shouldn’t mean shit, but still.