Do I need the PCI certification to sell in native mobile apps?

To develop a native mobile app for your store (for Android or iOS) and sell through it, it's important to have the PCI certificate in one of your ratings. This is because native apps run in an environment outside of VTEX, so information security must be ensured at all levels of the buying process.

In a purchase made through a native app, the customer data (personal data, payment, delivery, etc.) is sent to VTEX through the API. Only then is the order created and the payment processed. VTEX is PCI-certified (see details below) and ensures data security, but the application must also comply with the protocol.

How to obtain PCI certification?

To get a PCI certificate for your store, you need to consult a PCI QSA (Qualified Security Assessor) company. These companies are qualified to evaluate systems and processes on a case-by-case basis. A good example is Cipher.

You can find answers to your questions about the certification process on the official PCI Security Standards Council website.

Alternatives

We do not recommend that you invest in a PCI certification. Instead, you should make use of the VTEX certification to avoid extra costs. There are other options for offering an app for your store, and you can work with the alternatives below.

Hybrid mobile app

In the case of apps running in a WebView on Android and iOS systems, we understand that there is no need for your own certificate. This is because both front-end and back-end run within VTEX: your client is already browsing and entering data in a secure, certified environment.

Progressive Web Apps

With the PWA solution, you also don't need your own PCI certificate. The PWA is a web application that is created on the mobile device using cached website data. That is, all that the end user sees is information obtained and executed in your store, which is in a safe and certified environment.

VTEX Certification

VTEX is certified under PCI DSS (Payment Card Industry Data Security Standard), which ensures that the data entered on the platform is secure. Our infrastructure, front-end, and back-end development processes undergo annual assessments for the renewal of the PCI DSS Certificate.

See more details on the VTEX PCI certificate and how to add the PCI seal to the footer of your store here.
