Menu
Back to homepage

PAYMENT GATEWAY

Back to homepage

[THK] F.4.1 Communication Security

All communication between Merchant systems and SIBS Payment Gateway must ensure authentication, integrity, and confidentiality. These controls are enforced through SPG-native mechanisms such as tokens, signatures, HMAC validation, encrypted transport, and protected asynchronous communication channels.

Authentication

All interactions with SPG APIs must be authenticated to ensure that only authorized systems can perform operations.

  • SPG requires authenticated requests using mechanisms such as:
    • Bearer tokens for checkout and session-based operations
    • Signature-based authentication (Digest / transactionSignature) for transactional and server-to-server operations
  • Authentication is enforced on every request; missing, invalid, or expired credentials result in immediate rejection by the gateway

From the Merchant side:

  • All SPG calls must originate from trusted backend systems only
  • Credentials (tokens, signatures, keys) must:
    • Never be exposed in client-side code
    • Be securely stored and access-controlled
    • Be rotated and managed according to internal security policies

Authentication failures are not transient conditions and must not be retried without correcting the underlying issue.

Integrity

All messages exchanged with SPG must be protected against tampering, replay, or unintended modification.

  • SPG enforces integrity through:
    • Signed requests and responses
    • HMAC-based validation, configured at the gateway level to ensure the authenticity and integrity of exchanged messages

The detailed implementation of message validation, including signature construction and verification, is described in E.1.5 Security and Validation

Integrity validation must be applied:

  • Before sending requests
  • Before processing responses

These mechanisms ensure that:

  • The message originates from the expected party
  • The payload has not been altered in transit

The Merchant must:

  • Validate all inbound messages before applying any business logic
  • Ensure validation is performed against the exact message content used for signing
  • Reject any message that fails validation and treat it as a potential anomaly

Integrity validation is particularly critical when processing transaction outcomes or status updates, where incorrect or tampered data may lead to inconsistent system behavior.

Confidentiality

All communication with SPG must be protected against interception and unauthorized disclosure.

  • SPG endpoints are exposed exclusively over HTTPS (TLS 1.2 or higher)
  • The Merchant must:
    • Enforce secure transport for all interactions
    • Validate certificates and prevent insecure configurations
    • Avoid transmitting sensitive data through untrusted intermediaries

Confidentiality ensures that transaction data and payment information are protected during transmission, regardless of the integration model used.

Asynchronous Communication Security

Asynchronous communication introduces additional security requirements that must be explicitly handled.

  • Webhook payloads are:
    • Encrypted (AES-GCM)
    • Encoded and delivered with security metadata required for decryption
  • These payloads must be:
    • Decrypted before any processing
    • Validated after decryption to ensure authenticity, integrity, and consistency of the payload
    • Treated as untrusted until verified

The decryption and validation process for asynchronous notifications is described in E.1.5 Security and Validation

The Merchant must ensure that:

  • Decryption is part of the standard processing pipeline
  • Invalid or undecryptable payloads are rejected
  • Decrypted content is validated and correlated before triggering any business action

Failure to properly handle asynchronous payloads may lead to incorrect transaction state handling or acceptance of forged notifications.

Security Enforcement

Communication security must be enforced consistently across all integration points.

The Merchant system must ensure that:

  • Every request is authenticated and originates from a trusted backend system
  • Every response is validated for integrity before being accepted or processed
  • All communication channels use encrypted transport
  • All asynchronous payloads are decrypted and validated before use
  • No business logic is executed on unauthenticated, undecrypted, or unvalidated data

These controls must be implemented as baseline architectural requirements, not optional safeguards.

Failure to enforce communication security may result in unauthorized operations, data tampering, replay attacks, or exposure of sensitive information.

On this page:

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.