Payment plug-in security
Payment plug-ins will typically process sensitive payment information. When using a payment plug-in, note the following security considerations:
- You need to consider both the security of the data stored in the WebSphere Commerce database as well as the security of the data communicated through the network to a payment back-end system.
- The WebSphere Commerce Payments does not perform any network communication. This is the job of payment plug-ins. It is the responsibility of the payment plug-in to guarantee that a secure network connection is used to prevent sensitive data from falling into the wrong hands.
- The payment plug-ins provided with WebSphere Commerce (SimpleOffline, LOC, and WebSphere Commerce Payments) all process sensitive data:
- WebSphere Commerce Payments encrypts the sensitive data processed by these plug-ins. The plug-ins do not encrypt data in the database themselves.
- Of these plug-ins, only the WebSphere Commerce Payments plug-in is set up for online processing with a payment back-end system (WebSphere Commerce Payments). The WebSphere Commerce Payments plug-in provides the necessary encryption for all data going to and from WebSphere Commerce Payments. If WebSphere Commerce Payments is set up to use SSL, and the WebSphere Commerce Payments plug-in deployment descriptor is configured properly, network communications are secure. There are no secure network communications for the SimpleOffline or LOC plug-in because as provided they do not communicate with a payment back-end system.
- If you are using an external or third-party payment plug-in with WebSphere Commerce, any sensitive data that is processed by the plug-in is encrypted in the WebSphere Commerce database as long as the plug-in was written to the Payment plug-in specification. If the plug-in stores sensitive data in a file system or different database tables, data is not encrypted in the database and the plug-in provider should provide the data encryption.
- External plug-ins are also responsible for providing the security of the communication with their payment back-end systems. Since payment information is sensitive data, the plug-ins should encrypt all data going back and forth through network connections. The WebSphere Commerce Payments does not provide encryption services for this type of communication with payment back-end systems.
- If you are developing your own payment plug-in and are using the WebSphere Commerce file system and database tables, ensure that your plug-in is written to the payment plug-in specification so that the WebSphere Commerce Payments can properly encrypt sensitive data in the database. You will need to acquire or develop the encryption utilities or libraries necessary to encrypt data sent in network communications with a payment back-end system. Refer also to the Payment plug-in specification for more information about security considerations.
- Properties can be defined in the plug-in deployment descriptor, the payment system plug-in mapping file, or in both. You should not store sensitive information unprotected in these files. If sensitive information is required to be kept these files, the data should be encrypted. Encryption of data is the responsibility of the plug-in.
(C) Copyright IBM Corporation 1996, 2006. All Rights Reserved.