Menu
Back to homepage

PAYMENT GATEWAY

Back to homepage

[THK] F.4 Security Best Practices

Objective

This chapter defines the core security principles and controls required for a secure integration with SIBS Payment Gateway (SPG).

It focuses on the controls that must be enforced across the integration lifecycle, while detailed behaviors such as transaction validation, webhook processing, and error handling are defined in their respective sections of this documentation.

Scope and Positioning

Security in SPG integrations is achieved through a combination of controls applied across:

  • Communication channels
  • Data handling practices
  • External input validation
  • Transaction lifecycle management
  • Operational behavior

These controls collectively protect against:

  • Unauthorized access
  • Data tampering
  • Duplicate or inconsistent transactions
  • Information leakage

Security Model Overview

A secure SPG integration enforces security across the following layers:

  • Communication Security
    Ensures that all interactions with SIBS are authenticated, integrity-protected, and encrypted
  • Data Protection
    Prevents exposure or misuse of sensitive payment information
  • Trust Boundaries
    Ensures that all external inputs, including asynchronous notifications, are validated before being accepted
  • Transaction Integrity
    Prevents duplicate, inconsistent, or invalid operations
  • Operational Security
    Ensures safe handling of errors, retries, and observability

Illustrative Examples

The following examples highlight common security pitfalls and the expected control:

Example 1 – Unvalidated Asynchronous Notification

A notification indicates paymentStatus = Success, and the system immediately updates the order status.

Risk:
A forged, delayed, or duplicated notification may lead to incorrect fulfillment.

Control:
Asynchronous notifications must never be considered authoritative on their own and must always be validated against the authoritative transaction state before being accepted.

Example 2 – Unsafe Retry Behavior

A payment request fails due to invalid parameters, and the system retries automatically.

Risk:
Repeated invalid requests or unintended duplicate operations.

Control:
Retry mechanisms must be controlled and must not introduce duplicate or inconsistent operations.

Example 3 – Missing Integrity Validation

A response is processed without verifying its authenticity.

Risk:
Tampered or replayed responses may be accepted as valid.

Control:
All messages must be verified for authenticity and integrity before being accepted or processed.

Key Principle

Security must be enforced as a system-wide responsibility, not as a feature of individual API calls.

All components of the integration must assume that:

  • External inputs are untrusted until validated
  • Data integrity must be explicitly verified
  • Final transaction state must be confirmed through authoritative sources

Failure to enforce these principles may result in financial risk, inconsistent transaction states, or exposure of sensitive information.

On this page:

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.