I need to implement a solution that allows a mobile app to make a payment against a payment gateway service.
The data I send are the card details and the payment data itself.
It is impractical to enter card details each time you want to make a payment, so I have analyzed the following alternatives:

1. Save the card data on your smartphone. Discarded for security reasons.
2. Use a third party to store the card data, such as PayPal Vault. Discarded because it hands the data to a third party.
3. Save the card data on our own "central server" and use a token strategy. This has the disadvantage that this infrastructure should fulfill [PCI-DSS regulations][1].
4. Save some of the card data on the smartphone and the rest in a central service (infrastructure), for example half of the PAN on the mobile and the other half on the smartphone.

Regarding the fourth alternative:
The question is: if ONLY part of the card data is stored, should this central service also comply with the PCI-DSS standard?
Thank you
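As an added illustration (not part of the question above), here is a small check for the split-PAN layout in the fourth alternative: it compares the digits a stored value reveals against the "first six, last four" truncation limit commonly cited for PCI DSS, and contrasts a half-PAN with a properly truncated PAN and an opaque token. The limit, the test PAN and the token value are assumptions constructed for the example; confirm the current PCI SSC truncation guidance for the PAN lengths you handle.

```python
# Assumption: the familiar "first six, last four" truncation limit.
MAX_LEADING = 6
MAX_TRAILING = 4


def truncate_pan(pan: str) -> str:
    """Mask every digit outside the permitted leading/trailing window."""
    hidden = len(pan) - MAX_LEADING - MAX_TRAILING
    return pan[:MAX_LEADING] + "*" * hidden + pan[-MAX_TRAILING:]


def retained_positions(pan: str, stored: str) -> set:
    """Positions of `pan` whose digit can be read verbatim from `stored`.

    Three storage shapes are recognised: a masked form ('*' for hidden
    digits), a plain prefix of the PAN, and a plain suffix of the PAN.
    Anything else (e.g. an opaque token) reveals no PAN digit at all.
    """
    if "*" in stored and len(stored) == len(pan):
        return {i for i, ch in enumerate(stored) if ch != "*" and ch == pan[i]}
    if pan.startswith(stored):
        return set(range(len(stored)))
    if pan.endswith(stored):
        return set(range(len(pan) - len(stored), len(pan)))
    return set()


def is_still_pan(pan: str, stored: str) -> bool:
    """True when `stored` exposes any digit outside the truncation window,
    i.e. the system holding it still holds cardholder data."""
    middle_start, middle_end = MAX_LEADING, len(pan) - MAX_TRAILING
    return any(middle_start <= i < middle_end
               for i in retained_positions(pan, stored))


# Constructed sample values (a well-known test PAN and a made-up token).
EXAMPLE_PAN = "4111111111111111"
EXAMPLE_TOKEN = "tok_9f3c2a7e1b"


def classify_layouts(pan: str = EXAMPLE_PAN) -> dict:
    """Report, per storage layout, whether the stored value is still a PAN."""
    half = len(pan) // 2
    return {
        "first_half": is_still_pan(pan, pan[:half]),
        "second_half": is_still_pan(pan, pan[-half:]),
        "truncated": is_still_pan(pan, truncate_pan(pan)),
        "token": is_still_pan(pan, EXAMPLE_TOKEN),
    }
```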