Best Practices for Secure Client Applications

Developers of secure client applications should observe the following rules:

• Do not hard-code values for the Gateway credentials into the application

• Do not store or cache form data on the device

• Require or encourage end users to use the native security services of the device

• You must use HTTPS to provide transport-layer security