Are client-side-only apps regulated by PCI?

Çağlar Arlı

Consider a client-side-only application. It may allow a user to make a payment by redirecting them to a payment gateway website, where they enter the credit card details. If I understand correctly, in this case only the payment provider must be PCI compliant, as the app itself does not know anything about payment info at all.

Now, what if the app remembers credit card details (for convenience) and automatically populates the payment form on that website? The whole thing happens on the client side. Are there regulations regarding how the card number has to be stored on the client? Is it ok to remember it at all?