Embodiments leverage the PCI-DSS validation of a backend transaction processing system to avoid the payment application having to meet the PCI compliance reporting requirements of the PCI-DSS. When the payment application needs to collect Sensitive Data for a transaction, the payment application makes a request to the payment library, which in turn requests from the backend system a secure web page including fields for the user to enter the specific Sensitive Data to be collected and typically also including a public encryption key generated specifically for the secure web page. The payment library causes the secure web page to be rendered, thereby allowing the user to enter the required information. Upon completion of such data entry, the data entered via the secure web page is pushed back through the payment library to the backend system for processing. The backend system can decrypt the encrypted data using the private key associated with the public/private encryption key pair.