
Paying fee and bills through payment gateway

Author: Kabir Khan
Posted: Feb 12, 2015

Another best practice illustrated here is using two (or even more) encryption keys: a key encryption key (KEK) and a data encryption key (DEK). The KEK is constructed at runtime from multiple components, as previously described. Its only purpose is to protect the DEK, which encrypts the sensitive data itself. The idea behind the KEK is to complicate the task of key retrieval by adding more steps. Another benefit of having a KEK is that it allows the DEK to be generated dynamically for each data encryption session (for example, for each POS transaction, similar to DUKPT, which is described in the next section).

Key rotation is the process of changing the encryption/decryption key (generating a new key and discarding the old one) without disrupting the encryption/decryption functionality. Frequent key rotation helps to avoid full information disclosure if a single key is compromised. Even if attackers manage to retrieve the value of a single DEK, they cannot use it to pump out sensitive data indefinitely if proper key rotation is in place.
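The KEK/DEK scheme and the rotation step described above, as an added Go example (not code from the article): each session gets a fresh DEK that encrypts the data, only the KEK-wrapped DEK is stored, and rotating the KEK re-wraps the DEK without re-encrypting the data. AES-256-GCM for both layers and a 32-byte KEK supplied by the caller are assumptions of this example; the article's multi-component KEK construction is not shown.

```go
package main

import ("crypto/aes"; "crypto/cipher"; "crypto/rand"; "errors")

// Record is what gets stored: data under a per-session DEK, that DEK wrapped under the KEK, and the KEK version.
type Record struct {
	Ciphertext, WrappedDEK []byte
	KEKVersion             int
}
// random returns n cryptographically random bytes (used for DEKs and nonces).
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}
// aead returns AES-256-GCM for a 32-byte key; any other key length is a bug here (assumption of this example).
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}
// seal prefixes a fresh nonce to the AES-GCM ciphertext; open reverses it and fails on a wrong key or tampering.
func seal(key, pt []byte) []byte {
	g := aead(key)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	g := aead(key)
	if len(ct) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
// Encrypt: fresh DEK per session, data encrypted under it, only the KEK-wrapped DEK is kept (plaintext DEK is dropped).
func Encrypt(kek []byte, kekVersion int, data []byte) Record {
	dek := random(32)
	return Record{seal(dek, data), seal(kek, dek), kekVersion}
}
// Decrypt unwraps the DEK with the KEK, then decrypts the data with the DEK.
func Decrypt(kek []byte, r Record) ([]byte, error) {
	dek, err := open(kek, r.WrappedDEK)
	if err != nil { return nil, err }
	return open(dek, r.Ciphertext)
}
// RotateKEK re-wraps the DEK under a new KEK; the bulk ciphertext is untouched, so the old KEK can be retired.
func RotateKEK(oldKEK, newKEK []byte, newVersion int, r Record) (Record, error) {
	dek, err := open(oldKEK, r.WrappedDEK)
	if err != nil { return Record{}, err }
	return Record{r.Ciphertext, seal(newKEK, dek), newVersion}, nil
}
```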

NFC-based online payment solutions use existing contactless payment terminals to enter the card data into the POS. They store the card data on the mobile device, which can be compromised. In addition, contactless MSD (Magnetic Stripe Data) readers are no more secure than a regular MSR. Once the data is transmitted via NFC from the card chip (or the mobile device's NFC transmitter) to the payment terminal, it is handled internally by the POS and the payment application in exactly the same way as data read by a regular MSR.

Non-NFC solutions can resolve the issues listed above. Such solutions use the POS to link a mobile device to the payment transaction. All the sensitive data is exchanged between the POS and the mobile payment server, so no sensitive data is ever present at the store level. The traditional format of the credit cards can be preserved, so no technological revolution (such as EMV) is even necessary at the card level — the card data is stored securely in data centers which have all the necessary prerequisites to be adequately protected. I proposed such a solution back in 2009.

It uses a barcode with a one-time randomly generated token displayed on the mobile device screen to link the cell phone and POS in order to start the payment session. Once the transaction is finalized, the logical link between the POS and mobile phone is destroyed and cannot be reused. The connection between the POS and the customer is kept at the data center level.

PCI DSS and PA-DSS require only data-at-rest encryption and some limited data-in-transit encryption. In order to provide complete protection to sensitive cardholder information, the data should be encrypted everywhere: in memory, in transit, and at rest. SSL is a reliable solution for data-in-transit protection. Point-to-point encryption is the best choice when shopping for a comprehensive solution. There are different flavors of P2PE: hardware, software, hybrid, and their combinations. Hardware/Hardware P2PE is the most secure and the most complicated option from both the implementation and certification viewpoints. EMV and mobile payment technologies provide additional protection to sensitive cardholder data.

Code signing is certainly the most important part of a code protection strategy. However, you should not forget that software application behavior can be modified not only by altering the code, but also through configuration changes. For example, changing the database connection string may switch the payment gateway application to a dummy database server, while a modified value of the IP address parameter may forward transactions to a bogus server installed for a MITM attack. In order to avoid such situations, application configuration and data files can also be signed, so their signatures can be verified by the application during startup or even on every data read.

About the Author

Feepal is the fastest-growing online community for niet online fee payment, offering relevant and much-needed information about niet online payment, including the latest news.
