Client-side encryption
|
|
- Melina Allen
- 8 years ago
- Views:
Transcription
1 Client-side encryption SmartPay
2 Contents Client-side encryption 3 How does it work? 3 Integration methods 3 Fast implementation, minimal PCI requirements 4 Where can I find my public key? 4 Is client-side encryption secure? 4 Key features 4 Completing payment support including 3D Secure 5 Integration examples 5 Identify your form with an ID attribute 5 Input fields 5 Generationtime field 5 The Javascript 5 Changing form post behaviour using AJAX 5 Integration example server side 6 Submit a charge 6 Submit initial charge and store customer 6 List recurring details/cards for customer 7 Submit a recurring charge 7 Main benefits 8 Client-side encryption Page 2
3 Client-side encryption Barclaycard SmartPay client-side encryption is a P2PE (Point-to-Point Encryption) solution for Card-Not-Present (CNP) payments which takes the headache out of PCI compliance. With this solution, you can take credit card payments directly on your own website by encrypting the card in the browser (client) so that the card data is never visible to your server. How does it work? All that is required are the following simple steps. 1. Build your credit card form as you normally would. 2. Make sure the card fields have the attribute dataencrypted-name instead of name. 3. Include the adyen.encrypt.min.js client encryption library. 4. Set the public key and tie the library to your form. Integration methods: full flexibility in look and feel no card details passing your system supports all features including 3D Secure secure and proven solution. The client encryption library will: 1. intercept the form submission event before it hits your server 2. encrypt the card fields in-browser using a per transaction unique AES key 3. encrypt the unique AES key with your RSA public key 4. send the encrypted data (containing the card and encrypted AES key) with the other fields in the form. Client-side encryption Page 3
4 Fast implementation, minimal PCI requirements Where can I find my public key? The public key is tied to the WebService user you will be submitting the API payment request with. It is available in the back office under Settings > Users and will be of the form ws@company.yourcompanyname. If no key has been generated yet, you will see an option to Generate the key first. It is displayed in pre-formatted form so you can simply copy and paste it into your page. Key features: the Public Key (RSA) can be downloaded from the Barclaycard SmartPay back office the Secret Key (RSA) is only known to Barclaycard and stored only in encrypted form all Card data is End-To-End encrypted and is never visible to merchants the payment authorisation is done over the server-toserver Barclaycard SmartPay API using the encrypted card. the encrypted data is only valid for a period of 24 hours and tied to your public key. It is of no use outside of this context u se s RSA and ECC in JavaScript: the jsbn library is a fast, portable implementation of large number mathematics in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers uses Stanford Javascript Crypto Library (AES): the Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. Is client-side encryption secure? The client-side encryption solution uses only PCI/NIST approved cryptographic algorithms. The RSA key is 2048 bits and unique to your user account. Per transaction the client will generate a unique AES (256bit) key which is used in CCM mode for both encryption and authentication. Client-side encryption Page 4
5 Complete payment support including 3D Secure Integration examples A full integration example along with the Javascript lib: techevent2013/tree/master/javascript/ clientencryptionjs Identify your form with an ID attribute <form method= POST action= posthandler. action id= adyen encrypted form > Input fields Input fields for the card data should have no name attribute: <input type= text value= size= 20 autocomplete= off data encrypted name = number /> Generationtime field Add a hidden generationtime field with the current time on server: The format of this should be in the ISO 8601 standard format for XML as YYYY-MM-DDTHH:mm:ss.sssZ, e.g T14:02:30.668Z. It is important not to rely on the client s time (for production) which may be incorrect as the encrypted data is only usable within a 24-hour period of this time. <input type= hidden value = GENERATE_ON_SERVER id= generationtime data encrypted name= generationtime /> The Javascript <script src= js/adyen.encrypt.min.js ></script> var form = document.getelementbyid( adyen encrypted form ); // the form element to encrypt var key = 10001j80C BC3458E F024B A2D ; // the public key adyen.encrypt.createencryptedform( form, key ); // the form will be encrypted before it is submitted Changing form post behaviour using ajax You can change the behaviour of the library by adding options to the createencryptedform(). For example, change the name of the encrypted data and submit the form using AJAX rather than the default: var name = fieldnameofyourchoosing ; adyen.encrypt.createencryptedform( form, key { name : name, onsubmit : function(e) {... Your AJAX Code Here... e.preventdefault(); } }); Client-side encryption Page 5
6 Integration example server side Here are some examples of how to use the Barclaycard SmartPay client-side encryption API. We use command-line Curl for the sake of simplicity, but the principle remains the same regardless of the tool or programming language used. Submit a charge curl --user username:password \ --data-urlencode action=payment.authorise \ --data-urlencode paymentrequest.amount.currency=eur \ --data-urlencode paymentrequest.amount.value=1234 \ --data-urlencode paymentrequest.merchantaccount=youraccountcode \ --data-urlencode paymentrequest.reference=example Order 1 \ --data-urlencode paymentrequest.additionaldata.card.encryptedjson= adyenjs_0_1_1$egcjxidhkg5lyq...6luio9ripqytbu11mjic+ rlmyxituyct7a9ydef2rlv2i56koaap66ttm2uzkto4pkrw4yca8dzyq== Submit intial charge and store customer curl --user username:password \ --data-urlencode action=payment.authorise \ --data-urlencode paymentrequest.amount.currency=eur \ --data-urlencode paymentrequest.amount.value=1234 \ --data-urlencode paymentrequest.merchantaccount=youraccountcode \ --data-urlencode paymentrequest.reference=example Order 1 \ --data-urlencode paymentrequest.recurring.contract=recurring \ --data-urlencode paymentrequest.shopperreference=user123 \ --data-urlencode paymentrequest.shopper =john.doe@example.com \ --data-urlencode paymentrequest.additionaldata.card.encrypted.json= adyenjs_0_1_1$kj7nlobe1rlc2...iae/cy878h+op Response ---- paymentresult.authcode=98356 paymentresult.pspreference= paymentresult.resultcode=authorised Client-side encryption Page 6
7 List recurring details/cards for customer curl --user username:password \ --data-urlencode action=recurring.listrecurringdetails \ --data-urlencode recurringdetailsrequest.merchantaccount=youraccountcode \ --data-urlencode recurringdetailsrequest.recurring.contract=recurring --data-urlencode recurringdetailsrequest.shopperreference=user123 \ --data-urlencode recurringdetailsrequest.shopper =john.doe@example.com \ Response ---- recurringdetailsresult.shopperreference=user123 recurringdetailsresult.creationdate= t13:23:14+01:00 recurringdetailsresult.lastknownshopper =john.doe@example.com recurringdetailsresult.details.0.variant=mc recurringdetailsresult.details.0.recurringdetailreference= recurringdetailsresult.details.0.creationdate= t13:23:16+01:00 recurringdetailsresult.details.0.card.number=1111 recurringdetailsresult.details.0.card.expirymonth=6 recurringdetailsresult.details.0.card.expiryyear=2016 recurringdetailsresult.details.0.card.holdername=john Doe Submit a recurring charge curl --user username:password \ --data-urlencode action=payment.authorise \ --data-urlencode paymentrequest.amount.currency=eur \ --data-urlencode paymentrequest.amount.value=1234 \ --data-urlencode paymentrequest.merchantaccount=youraccountcode \ --data-urlencode paymentrequest.reference=example Order 2 \ --data-urlencode paymentrequest.shopperreference=user123 \ --data-urlencode paymentrequest.shopper =john.doe@example.com \ --data-urlencode paymentrequest.shopperinteraction=contauth \ --data-urlencode paymentrequest.recurring.contract=recurring \ --data-urlencode paymentrequest.selectedrecurringdetailreference= Response ---- paymentresult.authcode=75682 paymentresult.pspreference= paymentresult.resultcode=authorised Client-side encryption Page 7
8 Main benefits: the credit card data is never readable to you stateless, synchronous processing - the solution does not rely on a session token. uses existing Barclaycard SmartPay APIs, therefore all features are available: 3D Secure recurring risk/fraud detection. Find out more To see the latest versions of our Barclaycard SmartPay support manuals, please refer to our resource centre website: barclaycard.com/smartpay/documentation To contact our support team Support.SmartPay@barclaycard.co.uk call * or from abroad * Support hours are Monday Friday 09:00 to 18:00 GMT. This information is available in large print, Braille or audio format by calling ** *Calls may be monitored or recorded to maintain high levels of security and quality of service. **For BT business customers, calls to numbers will cost no more than 5.5p per minute, min call charge 6p (current at January 2014). The price on non-bt phone lines may be different. Calls may be monitored and/or recorded. Barclaycard is a trading name of Barclays Bank PLC. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register Number: ) and subscribes to the Lending Code which is monitored and enforced by the Lending Standards Board. Registered in England No: Registered Office: 1 Churchill Place, London E14 5HP. BCD100962SP04. Created 01/ BD v1.0 Client-side encryption Page 8
Recurring payments manual
Recurring payments manual SmartPay Contents Introduction 3 Audience 3 What is a recurring contract? 4 Recurring vs One-Click 4 Usual workflow 4 Creating a recurring contract 5 Setting up the payment 5
More informationCard processing rates and ad hoc charges
Card processing rates and ad hoc charges This guide provides a full breakdown of the card types and the associated charge line descriptions that make up your card processing rates. It also provides a list
More informationCard types and ad hoc charges
payment acceptance Card types and ad hoc charges This guide provides a full breakdown of the card types and the associated charge line descriptions that make up your card processing rates. It also provides
More informationYour guide to epdq moto
Your guide to epdq moto Contents Introduction Login details for epdq Back Office Configuration, Advanced and Operations Taking a payment Payment response Authorised transactions View transactions Downloading
More informationQuick set-up and fast facts guide
BCD112079FCTB23 04/06/2013 23:19 Page 1 C M Y K Banking How to print a transaction log Banking must be carried out at the end of each business day. Just follow these simple steps: To help with reconciliation
More informationRisk management. SmartPay
Risk management SmartPay Contents Introduction 3 Managing conversion and risk 3 Managing false positives 4 Finding the optimum 4 How it works 5 Hosted payment pages 5 Fraud score action 5 Managing the
More informationBusiness Internet Banking security user guide
Business Internet Banking security user guide You must read this user guide before using Business Internet Banking. It is a very important document as it sets out security obligations you must comply with.
More informationCrypho Security Whitepaper
Crypho Security Whitepaper Crypho AS Crypho is an end-to-end encrypted enterprise messenger and file-sharing application. It achieves strong privacy and security using well-known, battle-tested encryption
More informationAuthorize.net modules for oscommerce Online Merchant.
Authorize.net Authorize.net modules for oscommerce Online Merchant. Chapters oscommerce Online Merchant v2.3 Copyright Copyright (c) 2014 oscommerce. All rights reserved. Content may be reproduced for
More informationsafe and sound processing online card payments securely
safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade
More informationincrease your resistance How card not present gaming companies can minimise the risk of losing money through chargebacks
increase your resistance How card not present gaming companies can minimise the risk of losing money through chargebacks payment acceptance protect yourself We know that receiving a chargeback can cause
More informationBARX Corporate User Guide
BARX Corporate User Guide Contents Introduction Welcome 1 Contacting the BARX Corporate Client Services Team 2 Getting started Step 1. Downloading your Personal Digital Certificate 2 Step 2. Downloading
More informationUsable Crypto: Introducing minilock. Nadim Kobeissi HOPE X, NYC, 2014
Usable Crypto: Introducing minilock Nadim Kobeissi HOPE X, NYC, 2014 2012 Browsers are an environment that is hostile to cryptography Malleability of the JavaScript runtime. The lack of low-level (system-level)
More informationsafe and sound Processing online card payments securely leading the way in secure payments A white paper from Barclaycard PMS??? PMS??? PMS??? PMS???
BCD106002BROB1 24/09/2010 17:22 Page 1 C M Y K PMS??? PMS??? PMS??? PMS??? Non-printing Colours Non-print 1 Non-print 2 JOB LOCATION: PRINERGY 3 safe and sound Processing online card payments securely
More informationGuide to Data Field Encryption
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
More informationEnd-to-end Encryption for E-Commerce Payments using Voltage SecureData Web
Technical Brief using Voltage SecureData Web Introduction Today, merchants accepting card-not-present payments on the web are concerned about three major issues affecting their business with respect to
More informationTHE KEY TO DATA SECURITY
Secure Correspondence and File Sharing Zero-Knowledge Client-Side Encryption THE KEY TO DATA SECURITY TitanFile provides the highest level of security without compromising efficiency or ease of use. Securing
More informationSecuring Ship-to-Shore Data Flow
Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their
More informationE-Commerce SOLUTIONS. Generate Online Revenue with E-Commerce Solutions. www.monexgroup.com
E-Commerce SOLUTIONS In this report, MONEXgroup examines various types of online payment processing and E-Commerce Solutions. The tremendous transition towards online shopping stores in Canada has opened
More informationGoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey
GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With
More informationWealth and Investment Management. Financing. Structured solutions as individual as you are
Wealth and Investment Management Financing Structured solutions as individual as you are Singing Ringing Tree, by TONKIN, LIU, HILLTOP MUSICAL SCULPTURE, 2004. Wealth what is it to you? We provide financing
More informationOur Key Security Features Are:
September 2014 Version v1.8" Thank you for your interest in PasswordBox. On the following pages, you ll find a technical overview of the comprehensive security measures PasswordBox uses to protect your
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationKey & Data Storage on Mobile Devices
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
More informationThe Security Behind Sticky Password
The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and
More informationCreating a More Secure Device with Windows Embedded Compact 7. Douglas Boling Boling Consulting Inc.
Creating a More Secure Device with Windows Embedded Compact 7 Douglas Boling Boling Consulting Inc. About Douglas Boling Independent consultant specializing in Windows Mobile and Windows Embedded Compact
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationPerformance Testing for Ajax Applications
Radview Software How to Performance Testing for Ajax Applications Rich internet applications are growing rapidly and AJAX technologies serve as the building blocks for such applications. These new technologies
More informationApplication Note: Onsight Device VPN Configuration V1.1
Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1
More informationInternet Authentication Procedure Guide
Internet Authentication Procedure Guide Authenticating cardholders successfully V10.0 Released May 2012 Software Version: Internet Authentication Protocol COPYRIGHT NOTICE No part of this publication may
More informationBlackBerry Enterprise Server Express System Requirements
BlackBerry Enterprise Server Express System s For information about calculating hardware requirements, visit www.blackberry.com/go/serverdocs to see the BlackBerry Enterprise Server Capacity Calculator
More informationDevice-Centric Authentication and WebCrypto
Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
More informationWealth and Investment Management. Banking Services. Day-to-day banking that s anything but everyday
Wealth and Investment Management Banking Services Day-to-day banking that s anything but everyday Day-to-day banking that s anything but everyday Our comprehensive banking service helps you to manage
More informationACFS PRODUCT FLYER. Its modular architecture allows a tailored integration, with a short time-to-market for different payment methods.
PRODUCT FLYER Internet Gateway Financial Systems is a modular software suite designed to support financial institutions and enterprises, providing a single interface for the optimized management of e-commerce
More informationACFS PRODUCT FLYER. Its modular architecture allows a tailored integration, with a short time-to-market for different payment methods.
PRODUCT FLYER Internet Gateway Financial Systems is a modular software suite designed to support financial institutions and enterprises, providing a single interface for the optimized management of e-commerce
More informationIndependent Security. Prepared for:
Independent Security Report (isr) Prepared for: isec Partners Final Report Independent Security Report (isr) Page 2 of 10 2014, isec Partners, Inc. Prepared by isec Partners, Inc. for Wickr. Portions of
More information2014 IBM Corporation
2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session
More informationSSL VPN vs. IPSec VPN
SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White
More informationSwivel Multi-factor Authentication
Swivel Multi-factor Authentication White Paper Abstract Swivel is a flexible authentication solution that offers a wide range of authentication models. The use of the Swivel patented one-time code extraction
More informationMOVEIT: SECURE, GUARANTEED FILE DELIVERY BY JONATHAN LAMPE, GCIA, GSNA
MOVEIT: SECURE, GUARANTEED FILE DELIVERY BY JONATHAN LAMPE, GCIA, GSNA The MOVEit line of secure managed file transfer software products by Ipswitch File Transfer consists of two flagship products, the
More informationProblem. Solution. Quatrix is professional, secure and easy to use file sharing.
Quatrix Data Sheet Problem Consumer file sharing services such as Hightail, WeTransfer and Dropbox are causing a massive headache for enterprise IT as BYOFT (bring your own file transfer) opens up vulnerabilities
More informationPayment Security Solution Processor Edition
WHITE PAPER Payment Security Solution Processor Edition For retail and e-commerce card processing environments Introduction This white paper describes Voltage Payment Security Solution Processor Edition
More informationWeb Testing. Main Concepts of Web Testing. Software Quality Assurance Telerik Software Academy http://academy.telerik.com
Web Testing Main Concepts of Web Testing Software Quality Assurance Telerik Software Academy http://academy.telerik.com The Lectors Snejina Lazarova Product Manager Business Services Team Dimo Mitev QA
More informationElavon Payment Gateway Integration Guide- Remote
Elavon Payment Gateway Integration Guide- Remote Version: v1.1 Table of Contents 1 About This Guide 3 1.1 Purpose 3 1.2 Audience 3 1.3 Prerequisites 3 1.4 Related Documents 3 2 Elavon Payment Gateway Remote
More informationInstallation and Administration Guide
Installation and Administration Guide BlackBerry Enterprise Transporter for BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-11-06 SWD-20141106165936643 Contents What is BES12?... 6 Key features
More informationGATEWAY CONFIGURATION GUIDE. PowerCharge
GATEWAY CONFIGURATION GUIDE PowerCharge Table of Contents Overview... 3 eprocessing Networks Configuration... 3 Beanstream Configuration... 5 BeanStream Merchant ID... 5 BeanStream Transaction Username
More informationGestPay Technical Specifications iframe Payment Page
GestPay Technical Specifications iframe Payment Page Summary About this Document...4 About this version...5 1. Introduction... 6 2. System Architecture... 7 2.1 Architecture scheme... 7 3. Process phases
More informationAn Introduction to Cryptography and Digital Signatures
An Introduction to Cryptography and Digital Signatures Author: Ian Curry March 2001 Version 2.0 Copyright 2001-2003 Entrust. All rights reserved. Cryptography The concept of securing messages through
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationSecurity features of ZK Framework
1 Security features of ZK Framework This document provides a brief overview of security concerns related to JavaScript powered enterprise web application in general and how ZK built-in features secures
More informationThe governance IT needs Easy user adoption Trusted Managed File Transfer solutions
Product Datasheet The governance IT needs Easy user adoption Trusted Managed File Transfer solutions Full-featured Enterprise-class IT Solution for Managed File Transfer Organizations today must effectively
More informationHosted File Back-up for business. Keep your data safe with our cloud back-up service
Hosted File Back-up for business Keep your data safe with our cloud back-up service Why choose Hosted File Back-up? Your most important business asset is data. After all, without customer information,
More informationCryptography for Software and Web Developers
Cryptography for Software and Web Developers Part 1: Web and Crypto Hanno Böck 2014-05-28 1 / 14 HTTP and HTTPS SSL Stripping Cookies Mixed content HTTPS content, HTTP images Many webpages use some kind
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationCopyright Pivotal Software Inc, 2013-2015 1 of 10
Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10
More informationTraitware Authentication Service Integration Document
Traitware Authentication Service Integration Document February 2015 V1.1 Secure and simplify your digital life. Integrating Traitware Authentication This document covers the steps to integrate Traitware
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationACFS PRODUCT FLYER. Its modular architecture allows a tailored integration, with a short time-to-market for different information systems.
PRODUCT FLYER General Routing Financial System is modular software suite designed to support enterprises providing a MOTO Gateway (Mail Order Telephone Order), complete with tokenization, multi-acquiring
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationPrivacy Patterns in Public Clouds
Privacy Patterns in Public Clouds Sashank Dara Security Technologies Group, Cisco Systems, Bangalore email: krishna.sashank@gmail.com January 25, 2014 Abstract Internet users typically consume a wide range
More informationBanking made clear. Quick guide
Banking made clear Quick guide Contents Barclays Money Skills is a national programme that helps people to develop and improve their financial skills, knowledge and confidence. Barclays has developed this
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationHP SecureData Payments Solution - Processor Edition
White paper Payments Solution - Processor Edition For retail and e-commerce card processing environments HP Security Voltage White Paper Payments Solution - Processor Edition Table of contents 6 8 Introduction
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationGlobal Iris Integration Guide ecommerce Remote Integration
Global Iris Integration Guide ecommerce Remote Integration February 2013 Table Of Contents 1 About This Guide... 3 1.1 Purpose... 3 1.2 Audience... 3 1.3 Prerequisites... 3 1.4 Related Documents... 3 2
More informationSecurity Protocols/Standards
Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity
More informationPCI Security Standards Council
PCI Security Standards Council Ralph Poore, Director, Emerging Standards 2013 About PCI Emerging Technologies OWASP and Mobile Guidelines About PCI About the PCI Council Open, global forum Founded 2006
More informationPhoneCrypt Desktop. Phone Encryption Software. PhoneCrypt Manual Mobile phone encryption for Windows Platforms
PhoneCrypt Desktop Phone Encryption Software PhoneCrypt Manual Mobile phone encryption for Windows Platforms Introduction Contents http:// www. securstar.com info@securstar.com 2009 by SecurStar GmbH,
More informationPay with Amazon Integration Guide
2 2 Contents... 4 Introduction to Pay with Amazon... 5 Before you start - Important Information... 5 Important Advanced Payment APIs prerequisites... 5 How does Pay with Amazon work?...6 Key concepts in
More informationSAP Single Sign-On 2.0 Overview Presentation
SAP Single Sign-On 2.0 Overview Presentation March 2016 Public Agenda SAP security portfolio Overview SAP Single Sign-On Single sign-on main scenarios Capabilities Summary 2016 SAP SE or an SAP affiliate
More informationRSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide
RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationRealex Payments Integration Guide - Ecommerce Remote Integration. Version: v1.1
Realex Payments Integration Guide - Ecommerce Remote Integration Version: v1.1 Document Information Document Name: Realex Payments Integration Guide Ecommerce Remote Integration Document Version: 1.1 Release
More informationBarclaycard SmartPay. Hosted Payment Page Integration Guide. Version 3.0 released April 2012
Barclaycard SmartPay Hosted Payment Page Integration Guide Version 3.0 released April 2012 DOC Version Control Version No. Date Issued Reason for Change 1.0 July 2010 Initial Document 2.0 February 2012
More informationNetwork Test Labs (NTL) Software Testing Services for igaming
Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs
More informationSTRONGER ONLINE SECURITY
STRONGER ONLINE SECURITY Enhanced online banking without compromise Manage your business banking efficiently and securely Internet banking has given business leaders and treasurers greater control of financial
More informationA Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith
A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications Slides by Connor Schnaith Cross-Site Request Forgery One-click attack, session riding Recorded since 2001 Fourth out of top 25 most
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationCerticom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement
certicom application notes Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement THE PROBLEM How can vendors take advantage
More informationIntroduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...
Hush Encryption Engine White Paper Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...4 Passphrase Requirements...4 Data Requirements...4
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationProgramming Fundamentals of Web Applications Course 10958A; 5 Days
Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Programming Fundamentals of Web Applications Course 10958A; 5 Days Course
More informationAdministration Guide. Wireless software upgrades
Administration Guide Wireless software upgrades SWDT207654-207654-0727045705-001 Contents Upgrading the BlackBerry Device Software over the wireless network... 3 Wireless software upgrades... 3 Sources
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationElavon Payment Gateway - Redirect Integration Guide
Elavon Payment Gateway - Redirect Integration Guide Version: v1.1 Table of Contents 1 About This Guide 3 1.1 Purpose 3 1.2 Audience 3 1.3 Prerequisites 3 1.4 Related Documents 3 2 Elavon Payment Gateway
More informationHybrid PA-DSS Report on Validation
Hybrid PA-DSS Report on Validation For Applications that Store, Process, or Transmit Payment Card Data but are Not Part of Authorization or Settlement Application Vendor: KomBea Corporation 3400 N. Ashton
More informationSafeNet MSSQL EKM Provider User Guide
SafeNet MSSQL EKM Provider User Guide Version 4.8.5 Documentation Version: 20080705 Copyright Information 2009 SafeNet, Inc. All rights reserved All intellectual property is protected by copyright. All
More informationHosted File Backup for business. Keep your data safe with our cloud backup service
Hosted File Backup for business Keep your data safe with our cloud backup service Why choose Hosted File Backup? Your most important business asset is data. After all, without customer information, order
More informationUnderstanding Digital Certificates and Wireless Transport Layer Security (WTLS)
Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What
More informationHTTPS is Fast and Hassle-free with CloudFlare
HTTPS is Fast and Hassle-free with CloudFlare 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com In the past, organizations had to choose between performance and security when encrypting their
More informationRich Internet Applications
Rich Internet Applications Prepared by: Husen Umer Supervisor: Kjell Osborn IT Department Uppsala University 8 Feb 2010 Agenda What is RIA? RIA vs traditional Internet applications. Why to use RIAs? Running
More informationEmail Privacy. Protecting Your Members. Monday, June 30, 2008 3:00 p.m. - 4:15 p.m. Dena Bauckman, Director of Product Management Zix Corporation
What We LEARN in Vegas... Comes Home from Vegas! Email Privacy Protecting Your Members Monday, June 30, 2008 3:00 p.m. - 4:15 p.m. Dena Bauckman, Director of Product Management Zix Corporation Massachusetts
More informationTEXT ALERTS. Keeping track of your money 24/7
TEXT ALERTS Keeping track of your money 24/7 Contents Types of text alerts 1 Managing your text alerts 3 Mobile Banking 5 Terms and conditions 6 I like to keep on top of my finances Our variety of alerts
More informationWhite Paper: Multi-Factor Authentication Platform
White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all
More informationWealth and Investment Management. Captive Insurance. Local knowledge. Global expertise.
Wealth and Investment Management Captive Insurance Local knowledge. Global expertise. Table of Contents At a glance 4 Committed to captive insurance 6 Everything you need 7 Next steps 10 3 At a glance
More information