Friday, August 1, 2014

Security framework for ecommerce payments

E-commerce is a fast-growing industry in India and elsewhere in the world. With the rapid penetration of e-commerce across every section of society, and deep-rooted insecurities about using cards for online transactions, there is a pressing need to design secure payment systems. A secure and robust payment system not only ensures that customers' sensitive information is protected against misuse but also helps build trust among users.

In this article, we discuss a few security principles that must be taken care of when designing a payment system for online commerce.

Security principle 1:
The most basic one: install an SSL certificate for the domain on which you operate your business. HTTPS, not plain HTTP, should be used whenever your e-commerce engine accesses the payment application or service.

What is HTTPS?
HTTPS is the combination of HTTP and SSL (Secure Sockets Layer) that provides encrypted communication between the client (browser) and the web server (where the application is hosted).

Why is it needed?
HTTPS encrypts the data transmitted between browser and server, so nobody observing the network can sniff the data in transit.

How is an HTTPS connection established between browser and web server?

  1. The browser tries to connect to https://payment.com.
  2. The payment.com server sends a certificate to the browser. This certificate includes payment.com's public key, and some evidence that this public key actually belongs to payment.com.
  3. The browser verifies the certificate to confirm that it has the proper public key for payment.com.
  4. The browser chooses a random new symmetric key K to use for its connection to the payment.com server. It encrypts K under payment.com's public key.
  5. payment.com decrypts K using its private key. Now both the browser and the payment server know K, but no one else does.
  6. Any time the browser wants to send something to payment.com, it encrypts it under K; the payment.com server decrypts it upon receipt. Any time the payment.com server wants to send something to your browser, it encrypts it under K.

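Step 3 above is the one that application code most often gets wrong: a client that connects to the payment server with certificate checking switched off still gets an encrypted channel, but has no idea who is on the other end. The following is an added example (not code from the original post) showing, with Python's standard `ssl` module, the weak client configuration beside the hardened one and a check a reviewer can run against any context the application builds. No hostnames or network access are needed; the contexts are only constructed and inspected.

```python
import ssl

# Added example, not from the original post: how a payment client configures
# the certificate-verification step of the TLS handshake.


def insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern: certificate and hostname checking switched off.

    The handshake still negotiates a session key K, but because the
    certificate is never verified, any server presenting any certificate
    is accepted, so K may be shared with an impostor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Chain verified against the platform CA bundle, hostname checked,
    and protocol versions older than TLS 1.2 refused."""
    ctx = ssl.create_default_context()   # loads the system trust store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Review check: does this context actually perform step 3 of the
    handshake and refuse legacy protocol versions?"""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and bool(ctx.check_hostname)
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


if __name__ == "__main__":
    for name, builder in (("insecure", insecure_client_context),
                          ("hardened", hardened_client_context)):
        print(f"{name}: verifies peer = {context_verifies_peer(builder())}")
```

`context_verifies_peer` is the kind of assertion worth keeping in the payment module's unit tests, so that a later "quick fix" that disables verification to get past a certificate error fails the build instead of reaching production.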
Security principle 2:
Never store users' credit card information on your server.
It is not needed for any use case, and if you are doing it, it is not legal.

For cases where you need a card identifier, you can use the following mechanisms to store it:

1. Store a masked credit card number: mask the digits between the first six and the last four.
For example, if the credit card number is 5326632301681601, store 532663XXXXXX1601.

2. Use a strong one-way hashing technique and store hashed credit card numbers. You can choose among SHA-512, SHA-256 and equivalent mechanisms.

3. If your application offers a "one click checkout" service to customers, it is essential to store card information on servers. For such needs, a strong encryption mechanism should be used to encrypt credit card data before storing it in database servers. One recommendation is a split-key AES encryption methodology: part of the key is known to the user and the other part to the application, and only their combination can decrypt the stored card information.
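Mechanisms 1 and 2 above, implemented as an added example (not code from the original post) using only the Python standard library. It uses the post's sample number 5326632301681601 for masking, and 4111111111111111 (a constructed, commonly used test number) for the Luhn check. One swap-in to note: the hash is HMAC-SHA256 with a server-side secret rather than a bare SHA-256. A plain hash of a 16-digit number is not one-way in practice: given the BIN there are about 10^10 candidates, and only about 10^5 once the masked form from mechanism 1 sits in the same row, so an attacker with the table can recover every card by enumeration. The keyed form keeps the digest one-way for anyone without the secret. The secret shown is a placeholder; in production it belongs in a key store or HSM. Mechanism 3 (AES) is not shown because it needs a third-party library.

```python
import hashlib
import hmac

# Added example, not from the original post. Placeholder secret: in a real
# deployment this value is loaded from a key store, never from source code.
LOOKUP_SECRET = b"example-lookup-secret-do-not-use"


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation, a cheap sanity check before a PAN is
    masked or tokenised (catches typos, not fraud)."""
    checksum = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:           # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def mask_pan(pan: str) -> str:
    """Mechanism 1: keep the first six (issuer BIN) and last four digits,
    replace everything in between with X.

    Rejects anything that is not a 13-19 digit string so that a stray
    non-card value never ends up in the stored column by accident."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("PAN must be a string of 13 to 19 digits")
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def pan_lookup_token(pan: str, secret: bytes = LOOKUP_SECRET) -> str:
    """Mechanism 2 with a keyed hash: HMAC-SHA256 over the PAN.

    The same card always yields the same token, so the application can
    detect repeat use of a card without ever storing the number itself."""
    return hmac.new(secret, pan.encode("ascii"), hashlib.sha256).hexdigest()


def stored_card_record(pan: str) -> dict:
    """What actually goes to the database: display form plus lookup token."""
    return {"masked": mask_pan(pan), "token": pan_lookup_token(pan)}


if __name__ == "__main__":
    print(stored_card_record("5326632301681601"))
    print("Luhn ok for 4111111111111111:", luhn_valid("4111111111111111"))
```

The token comparison is an equality check on hex digests, so a database index on the `token` column gives the "has this card been seen before" lookup without decrypting anything; rotating `LOOKUP_SECRET` invalidates all existing tokens, which is the trade-off of keyed hashing.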


Security principle 3:
For any HTTPS-to-HTTP communication, always incorporate an internal hashing mechanism that generates a hash key from some of the key parameters being transmitted.
For example, say the data to be transmitted is: Amount - $500, Status - Successful Payment, Id - 112234.
Generate a hash key from these parameters using an algorithm that both servers (sender and acceptor) understand. The HTTPS server also sends this hash key in its response. The acceptor server regenerates the hash key and validates it against the one received in the response.

Security principle 4:
Always integrate a server-to-server call to validate that the data received by the acceptor server is the data that was sent.
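Principles 3 and 4 together, as an added example (not code from the original post) using the post's sample parameters. The "algorithm that both servers understand" is taken here to be HMAC-SHA256 over the fields in a fixed order with a shared secret; a bare hash of the parameters would not do, because anyone who can see the response format can recompute it after changing the amount. The server-to-server call of principle 4 is represented by a lookup into a constructed in-memory table standing in for the payment server's records; real code would make an HTTPS request there. `SHARED_SECRET` is a placeholder.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Added example, not from the original post. Placeholder secret shared by the
# HTTPS payment server (sender) and the HTTP merchant server (acceptor).
SHARED_SECRET = b"example-shared-secret-do-not-use"

# Fields covered by the hash key, in a fixed order so that both sides
# serialise them identically regardless of how the response is encoded.
SIGNED_FIELDS = ("Amount", "Status", "Id")


def canonical_string(params: dict) -> str:
    """key=value pairs joined by a separator that never appears in values."""
    return "|".join(f"{k}={params[k]}" for k in SIGNED_FIELDS)


def generate_hashkey(params: dict, secret: bytes = SHARED_SECRET) -> str:
    """Sender side: HMAC-SHA256 over the canonical string."""
    return hmac.new(secret, canonical_string(params).encode("utf-8"),
                    hashlib.sha256).hexdigest()


def hashkey_matches(params: dict, received: str,
                    secret: bytes = SHARED_SECRET) -> bool:
    """Acceptor side: regenerate and compare in constant time, so the
    comparison itself leaks nothing about how many bytes matched."""
    return hmac.compare_digest(generate_hashkey(params, secret), received)


def make_signed_response(params: dict) -> dict:
    """What the HTTPS payment server hands back to the merchant site."""
    signed = dict(params)
    signed["hashkey"] = generate_hashkey(params)
    return signed


# Constructed stand-in for the payment server's transaction store, consulted
# by the server-to-server call of principle 4.
_PAYMENT_SERVER_RECORDS = {
    "112234": {"Amount": "500", "Status": "Successful Payment", "Id": "112234"},
}


def payment_server_lookup(txn_id: str) -> Optional[dict]:
    """Stand-in for the server-to-server status call (would be an HTTPS
    request to the payment server in a real deployment)."""
    return _PAYMENT_SERVER_RECORDS.get(txn_id)


def accept_payment_response(response: dict) -> Tuple[bool, str]:
    """Full acceptor check: hash key first (principle 3), then confirm the
    fields against the payment server's own record (principle 4)."""
    params = {k: str(response.get(k, "")) for k in SIGNED_FIELDS}
    if not hashkey_matches(params, str(response.get("hashkey", ""))):
        return False, "hashkey mismatch: response altered or not from payment server"
    authoritative = payment_server_lookup(params["Id"])
    if authoritative is None:
        return False, "unknown transaction id"
    if any(authoritative[k] != params[k] for k in SIGNED_FIELDS):
        return False, "response disagrees with payment server record"
    return True, "accepted"


if __name__ == "__main__":
    genuine = make_signed_response(
        {"Amount": "500", "Status": "Successful Payment", "Id": "112234"})
    print("genuine:", accept_payment_response(genuine))
    tampered = {**genuine, "Amount": "5"}        # amount changed in transit
    print("tampered:", accept_payment_response(tampered))
```

The second check matters even when the first passes: a replayed copy of a genuine, correctly signed response still carries a valid hash key, and only the authoritative record (or a one-time nonce bound into the signed fields) tells the acceptor whether that transaction is real and current.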

Security principle 5:
Audit database servers and application servers periodically. Keep monitoring logs, both application-level and database-level, to ensure that no shady code is pushed to production.

Taking care of the cases discussed above would help build trust between the portal and its customers.

