Hello all,
I am tightening up security per PCI requirements. This is the specific requirement I'm working on:
1.3.5 Is outbound traffic from the cardholder data environment to the Internet explicitly authorized?
I think this means I need to lock down the API server to allow outbound traffic only to the Element IP address. Am I missing anything as to outbound traffic needs for the API server? And the payment gateway is communicating through the API so that would not be connecting directly to the Internet, right? Web server is in a DMZ with explicit permissions for the API server.
Appreciate your help!
Gloria
I think you are right about that.
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Nick Reilingh
Sent: Thursday, May 19, 2016 10:34 AM
To: Gloria Ormsby
Subject: Re: [Tessitura Technical Forum] Techies: IP access to Credit Card Processor
I was under the impression that the Payment Gateway service was the one connecting to Element over the internet. And your PGS is supposed to reside on a server that doesn't serve web requests so that you don't have any authorization traffic going through a node that is accessible to the wider internet.
From: Gloria Ormsby <bounce-gloriaormsby5026@tessituranetwork.com>
Sent: 5/19/2016 10:13:42 AM