Mobile phones are becoming one of the most used devices in our homes and probably the most important in our lives. It has become usual to look at your phone first thing in the morning and last thing before going to sleep. Since phones are an integral part of our daily routine, reaching new customers via mobile devices is without a doubt essential to any business that wants to reach more people or even keep its current customers satisfied.

Why are mobile payments so important?

After all, cash payments are already considered outdated since it is so convenient to use credit or debit cards. So it is no wonder that such a convenient way of paying has come to web and mobile devices and is accepted globally.


Statista reports that in 2021, 53.9% of total U.S. retail e-commerce is expected to be generated via mobile apps. You can find more about the importance of mobile apps in the e-commerce business at this link. It comes as no surprise that mobile app payment integration is becoming one of the essentials in any serious retail business. For a successful integration of payment methods in a mobile app, you will need a payment gateway.

What is a payment gateway?

  • In physical stores, payment gateways consist of the point of sale (POS) terminals used to accept payments by card or by phone.

  • In online stores, payment gateways are the “checkout” portal used to enter credit card information or credentials for services such as PayPal, etc.

The payment gateway is the best practice for handling online payments. It is responsible for security while collecting customer information in the application and then sending it to an acquiring bank or payment processor in order to perform the transaction.

Integrated or Hosted gateway payments?

  • Hosted gateway payments redirect users to another site to complete their purchase, which can sometimes seem untrustworthy or even make users abandon the purchase.

  • Integrated gateway payments are connected through an API with your mobile or web app. This gives users a smooth experience, which is quite important when around 23% abandon the purchase because the checkout is complicated and demands too much information.

Security and PCI

When choosing a payment gateway, you should pay attention to whether it supports the authenticated tokenization process, as this is required when accepting payments in a mobile app. The token represents the encrypted card data and is used to execute the transaction, so your own server only ever handles the token rather than the card number. If your payment gateway does not support it, you must implement it yourself, and you must comply with the Payment Card Industry Data Security Standard (PCI DSS). The process of becoming PCI compliant takes months of work, so it is a far better option to choose a payment gateway that eases that process.

Some of the most famous payment gateways, PayPal, Stripe, and Braintree, ease PCI compliance by sending encrypted credit card data as a token and simplify development with their SDKs. If you follow the guidelines mentioned below, PayPal, Stripe, and Braintree only require you to fill out the PCI Self-Assessment Questionnaire.
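Added example (not from the original article or from any gateway's SDK): a server-side guard that keeps your backend on the token-only side of the boundary described above, rejecting any request body that carries a Luhn-valid card number so that raw cardholder data never reaches code you would otherwise have to bring into PCI DSS scope. The field name payment_token and the sample request bodies are constructed assumptions.

```python
import json
import re

# 13-19 digits, optionally separated by spaces or dashes (typical PAN layout).
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: separates real card numbers from other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pan_candidates(value) -> list:
    """Walk a decoded JSON body and collect every Luhn-valid PAN-shaped string."""
    found = []
    if isinstance(value, dict):
        for v in value.values():
            found.extend(find_pan_candidates(v))
    elif isinstance(value, list):
        for v in value:
            found.extend(find_pan_candidates(v))
    elif isinstance(value, (str, int)):
        for m in _PAN_RE.finditer(str(value)):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_valid(digits):
                found.append(digits)
    return found


def accept_payment_request(raw_body: str) -> dict:
    """Accept only token-based bodies; 'payment_token' is an assumed field name."""
    body = json.loads(raw_body)
    pans = find_pan_candidates(body)
    if pans:
        # Report only first 6 / last 4 (the most PCI DSS allows to be displayed).
        masked = [p[:6] + "*" * (len(p) - 10) + p[-4:] for p in pans]
        return {"accepted": False, "reason": "raw card data in request", "masked": masked}
    token = body.get("payment_token") if isinstance(body, dict) else None
    if not isinstance(token, str) or not token:
        return {"accepted": False, "reason": "missing payment_token"}
    return {"accepted": True, "token": token}


# Constructed sample bodies: a correct token-only request and one leaking a test PAN.
GOOD = json.dumps({"payment_token": "tok_example_123", "amount_cents": 1999})
BAD = json.dumps({"card": {"number": "4242 4242 4242 4242", "exp": "12/30"}, "amount_cents": 1999})
```

Wire accept_payment_request in front of the handler that forwards the token to the gateway's server SDK; a rejected request is a sign that a client build is bypassing the SDK's tokenization.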

PCI Self-Assessment Questionnaires

To help you determine if your payment processing setup is PCI compliant, you must fill out a Self-Assessment Questionnaire (SAQ) annually. The SAQ includes a series of yes-or-no questions for each applicable PCI DSS requirement. Read more about the different SAQs.

IMPORTANT - Failing to complete your annual SAQ for PCI compliance could result in substantial fines and the suspension of your ability to accept credit card payments.

***Please note - If you are processing more than 6 million transactions per year, you are not eligible to use SAQ to prove PCI compliance. 


PayPal

There is no chance that you haven't heard of PayPal before as it is one of the most famous payment gateways.

The fee is 2.9% of the transaction plus $0.30 per transaction.

PayPal is active in 200 countries. Unfortunately, PayPal supports only 20 currencies.

It is used by Walmart and eBay.

Integration of PayPal in mobile apps

Mobile Payment Libraries by PayPal are no longer supported.

PayPal provides REST server SDKs for various languages, but the use of the PayPal REST/Payments APIs to accept credit card payments is restricted. Instead, you can accept credit card payments with Braintree Direct.

You can find all the necessary info about Braintree integration further in this article.


Stripe

Stripe is known for having one of the cleanest APIs.

The fee is 2.9% of the transaction plus $0.30. International card fees are an additional 1% of the transaction, and Stripe supports over 135 different currencies. There are no contract requirements, but you must agree to the Terms of Service and Privacy Policy.

Stripe is active in 26 countries and it is used by Amazon, Shopify, and Dribbble.

Integration of Stripe in mobile apps 

Stripe mobile integration requires endpoints on your server that talk to the Stripe API. You should use the official Stripe libraries to access the Stripe API from your server. Stripe libraries are available in Ruby, Python, PHP, Node, Java, Go, and .NET. More information can be found at this link.

Android

The Stripe Android SDK has a couple of use case examples on its GitHub page.

The Android SDK’s pre-built UI accepts credit cards, and there is an option to pay with Google Pay.

You can define a StripeDefaultTheme that extends StripeBaseTheme to change your app’s look. Further information can be found at this link.

iOS

The Stripe iOS SDK is compatible with apps targeting iOS 10 and above.

It requires Xcode 10.1 or later for development.

The iOS SDK’s pre-built UI accepts credit cards and Apple Pay.

The appearance of the UI is somewhat customizable using the STPTheme object. All documentation and steps are available at this link.

You can find a simple example app at this link.

PCI compliance

Stripe’s mobile SDK is built in accordance with PCI DSS and is delivered via Stripe’s PCI-validated systems. It is highly advised to rely on the official SDKs for iOS or Android to be eligible for the simplest form of PCI validation, SAQ A.

More information can be found at this link.


Braintree

It is free to integrate Braintree, and after the first $50,000, you pay 2.9% of the transaction plus $0.30 per transaction. International card fees are an additional 1% of the transaction, the same as Stripe’s. Braintree supports payments in more than 130 currencies and is active in 46 countries.

It is used by Airbnb, Uber, and GitHub.

Integration of Braintree in mobile apps

For both Android and iOS, there is a Drop-in UI. It is the easiest way to get started and provides a fully-fledged payments experience out of the box. You can also create a custom UI and then tokenize the payment information using the SDKs. There is a sandbox environment where you can test before going live, which is highly recommended. Please note that you will need to set up your server with the Braintree SDK for your integration to work. The server-side SDK is available in Java, PHP, Node.js, Python, Ruby, and .NET. You can find further information on:

https://developers.braintreepayments.com/start/hello-server/php

https://developers.braintreepayments.com/guides/credit-cards/server-side/php

Android

Android v3 SDK

The Braintree Android SDK helps you accept payments in your Android app. It offers backward support to Android API 21.

You should set up a browser switch, since some payment flows (PayPal, Venmo, and 3D Secure verification) use one.

Detailed information about the implementation can be found at this link.

iOS

Braintree iOS v4 SDK

It offers support back to iOS 9.0, and Xcode 10+ is needed for development.

The Braintree iOS SDK uses device location data for fraud detection (if the user has granted location permission and your app requests it). You do not have to use it, but Apple requires the NSLocationWhenInUseUsageDescription key in your Info.plist if your app contains code referencing location APIs.

Detailed information about the implementation can be found at this link.

PCI compliance

Although Braintree securely stores and processes card data, integrating with Braintree does not automatically fulfill the PCI compliance requirements. Depending on your PCI compliance level (level 3 or 4), Braintree Direct can set you up with SecurityMetrics at no cost. Level 1 and 2 merchants who choose to partner with SecurityMetrics will be subject to any enterprise-level fees charged by SecurityMetrics, or are free to choose their own QSA company. More information can be found at this link.

------------------

Your choice for payment gateway should be focused on your business needs, but keep in mind that if you are not offering the customer’s preferred way of payment, there is a good chance they will cancel the purchase.

For further reading - Designing Mobile Payment Experiences by Skip Allums

***Please note that fees for all payment gateways may vary depending on the seller's country and currency. The fees listed above all refer to the U.S. market.