Deprecated feature

Protecting WebSphere Commerce Payments

WebSphere Commerce Payments security is built on several key security elements. These elements combine to create an environment in which services can be deployed securely on the Web.

About this task

At the heart of WebSphere Commerce Payments is the Payment Servlet. Several ancillary products complete the WebSphere Commerce Payments picture: the Web server configured with WebSphere Application Server, the database, and the user interface. This topic discusses methods for securing the various WebSphere Commerce Payments components.

Protecting sensitive data

For each query command, the framework checks the user's role against the configured minimum role and sets an indicator in the QueryRequest object that shows whether sensitive data, such as credit card numbers or billing addresses, should be returned in full or masked out. The WebSphere Commerce Payments framework itself does not maintain any sensitive data that can be returned by a query command. However, new methods are provided to cassette writers to check the value of this indicator and to mask sensitive data in a standardized way. Each cassette must distinguish the sensitive data from the rest of the stored data. Typically, the sensitive data is the same set of data that a cassette encrypts before storing it in the WebSphere Commerce Payments database.

The JVM system parameter wpm.MinSensitiveAccessRole={clerk|supervisor|madmin|psadmin|none} specifies the minimum role a user must have to be allowed access to sensitive data. The value is case-sensitive. If this property is not specified, a value of clerk is assumed, allowing all users to see sensitive data. If an invalid value is specified, the Payment Servlet fails to initialize.

Note that this parameter can be set during Payments instance creation and updated at any time using the WebSphere Commerce Configuration Manager. The name of the parameter in Configuration Manager is Minimum Access Role in the Payments instance panel.

The following table describes supported values, which are listed in increasing order of authority:

Payments user role authority

| User role | Description |
|---|---|
| clerk | Users with a role of clerk or higher can see sensitive data. |
| supervisor | Users with a role of supervisor or higher can see sensitive data. |
| madmin | Users with a role of Merchant Administrator or higher can see sensitive data. |
| psadmin | Only Payments Administrators can see sensitive data. |
| none | No one is allowed to see sensitive data. |

You can specify the wpm.MinSensitiveAccessRole parameter by using Configuration Manager.
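
The following added example is not WebSphere Commerce Payments code and does not use the framework's API; it is a stand-alone model of the rules described above (role ordering, the clerk default, case-sensitive validation, and the none value). The class and method names are hypothetical, and the mask format (keep the last four characters) is an assumption, because this topic does not define the standardized mask.

```java
import java.util.Arrays;
import java.util.List;

/** Illustrative model only; not the WebSphere Commerce Payments API. */
public class SensitiveAccessDemo {
    // Roles in increasing order of authority, as listed in the table above.
    static final List<String> ROLES = Arrays.asList("clerk", "supervisor", "madmin", "psadmin");

    /** Resolve the configured minimum role; the value is case-sensitive. */
    static String resolveMinRole(String configured) {
        if (configured == null) return "clerk";              // documented default
        if (configured.equals("none") || ROLES.contains(configured)) return configured;
        // An invalid value makes the Payment Servlet fail to initialize; modeled as an exception.
        throw new IllegalStateException("invalid wpm.MinSensitiveAccessRole: " + configured);
    }

    /** The indicator: true if sensitive data may be returned in full. */
    static boolean mayViewSensitive(String userRole, String minRole) {
        if (minRole.equals("none")) return false;             // no one sees sensitive data
        int user = ROLES.indexOf(userRole);
        return user >= 0 && user >= ROLES.indexOf(minRole);   // unknown roles are denied
    }

    /** Assumed mask format: keep the last four characters, hide short values entirely. */
    static String mask(String value) {
        int keep = value.length() > 4 ? 4 : 0;
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length() - keep; i++) sb.append('*');
        return sb.append(value.substring(value.length() - keep)).toString();
    }

    public static void main(String[] args) {
        String minRole = resolveMinRole(System.getProperty("wpm.MinSensitiveAccessRole"));
        String pan = "4111111111111111";                      // constructed test card number
        for (String role : ROLES) {
            String shown = mayViewSensitive(role, minRole) ? pan : mask(pan);
            System.out.println(role + " -> " + shown);
        }
        try {
            resolveMinRole("Supervisor");                     // wrong case is an invalid value
        } catch (IllegalStateException e) {
            System.out.println("startup refused: " + e.getMessage());
        }
    }
}
```

Run it with java -Dwpm.MinSensitiveAccessRole=supervisor SensitiveAccessDemo to see clerk receive the masked value; without the property, every role receives the full value because the default is clerk.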

Protecting the database

The WebSphere Commerce Payments database stores sensitive data and requires protection from reading and writing by unauthorized sources. WebSphere Commerce Payments provides support for the encryption of sensitive data - for example, passwords and cardholder information - that is stored in the database.

Transaction data

Follow these guidelines for handling transaction data.

  • Sensitive transactional information is stored in a database table in the instance library. This library is specified as the Instance Schema Name in the Payments Instance Creation Wizard.
  • Any backups should be kept secure.
  • The database tables in the instance library contain critical configuration and transaction information and should be included as part of your system backup strategy. You should also back up these files:
    • Files in the /QIBM/UserData/CommercePayments/Vnn/instance directory, where instance is the name of the WebSphere Commerce Payments instance.
    • The HTTP server that you configured for WebSphere Commerce Payments. This HTTP server is specified as the Web Server in the Payments Instance Creation Wizard.
    • Objects in the instance library on the local machine as well as the database collection on the remote machine when remote database storage is used.