Apto PCI SDK Overview

The PCI SDKs enable you to:

Obtain PCI Card Data

The PCIView UI component exposes a method which reveals the card’s PCI data. To display card data, this component must be integrated into your UI.

The component implements logic which:

  1. Verifies the cardholder using both of the user's primary credentials.

  2. Securely sends the card details to the PCI SDK using two layers of encryption:

    • SSL
    • PCI data encryption using a single-use key generated during the verification process.
  3. The PCI SDK receives the encrypted data and decrypts it prior to displaying it on screen.

    This mechanism protects the PCI data from:

    • Being displayed to a requester who is not the cardholder.
    • Network sniffing techniques (the data is double-encrypted).
    • Being exposed to the logic of your app, which prevents violation of the PCI rules.

In summary, the PCI SDK encryption / decryption process prevents unauthorized entities from accessing the PCI data, and ensures the card data is only available to the cardholder.
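The inner encryption layer described above can be modelled as follows. This is an added example, not code from Apto or the PCI SDK: AES-256-GCM, the way the key is handed to both ends, and every function name are assumptions, and the transport layer (SSL/TLS) is outside the example.

```javascript
// Added illustration, not Apto's code. AES-256-GCM, the key hand-off and all names are assumptions.
const nodeCrypto = require('crypto');

// sessionId -> unused key, held by the isolated viewer (the PCI SDK side).
const pendingKeys = new Map();

// Runs only after the cardholder has passed verification.
function issueSingleUseKey(sessionId) {
  const key = nodeCrypto.randomBytes(32);
  pendingKeys.set(sessionId, Buffer.from(key)); // viewer keeps its own copy
  return key; // copy for the card-data service
}

// Card-data service: inner encryption layer; the transport layer would wrap this in transit.
function encryptCardData(key, sessionId, card) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(sessionId)); // bind the ciphertext to this session
  const ct = Buffer.concat([cipher.update(JSON.stringify(card), 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Viewer: the key is consumed before use, so a replayed message cannot be opened.
function decryptOnce(sessionId, { iv, ct, tag }) {
  const key = pendingKeys.get(sessionId);
  if (!key) throw new Error('no unused key for this session');
  pendingKeys.delete(sessionId);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(Buffer.from(sessionId));
    decipher.setAuthTag(tag);
    const pt = Buffer.concat([decipher.update(ct), decipher.final()]); // throws if tampered
    return JSON.parse(pt.toString('utf8'));
  } finally {
    key.fill(0); // wipe the viewer's copy whether or not decryption succeeded
  }
}

// Constructed sample data (test PAN), exercised end to end.
function demo() {
  const sid = 'constructed-session-1';
  const key = issueSingleUseKey(sid);
  const msg = encryptCardData(key, sid, { pan: '4111111111111111', cvv: '123', exp: '12/30' });
  const first = decryptOnce(sid, msg);
  let replayRejected = false;
  try { decryptOnce(sid, msg); } catch (e) { replayRejected = true; }
  return { first, replayRejected };
}
```

A captured message is useless on its own: the second `decryptOnce` call fails because the key was consumed, and any modification of the ciphertext fails the GCM tag check.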

In order for users in the Instant Issuance program to view their PCI data they must:

  1. Enter an OTP that is delivered to them via SMS.

  2. Do one of the following:

    • Enter their date of birth (D.O.B.).
    • Verify themselves via biometrics (as demonstrated in the Apto example apps).

Display PCI data

The Apto PCI SDK isolates the card data from your application using an embedded IFrame.

The PCI SDK can:

  • Show the card’s PAN, CVV, and Expiration Date, within your UI. This enables you to render a card image within your UI to display appropriate card data.
  • Position each label independently.
  • Position the entire PCIView within your application layout.
  • Use CSS styles to customize the look and feel of the PAN, CVV, and Expiration Date labels, to make them feel part of your application.

The following documentation is available to learn more about the PCI SDKs: