Operational security controls ensure that the systems integrating with SIBS Payment Gateway are protected against unauthorized access, misconfiguration, and misuse.
These controls focus on how systems are operated, configured, and accessed, complementing communication, data protection, and transaction integrity mechanisms.
Access Control and Least Privilege
Access to systems and resources involved in the integration must be strictly controlled.
- The Merchant system must:
  - Restrict access to payment-related components to authorized users and services only
  - Apply the principle of least privilege, granting only the permissions required for each role
  - Ensure that administrative access is strictly limited, monitored, and auditable
Access control must be enforced across:
- Application components
- API credentials and configuration
- Operational and support interfaces
Excessive or uncontrolled access increases the risk of unauthorized operations and data exposure.
Credential and Secret Management
All credentials and secrets used in the integration must be securely managed.
- This includes:
  - API credentials (e.g., client identifiers)
  - Authentication tokens
  - Signature and HMAC keys
These credentials are used as part of the communication security model and must be handled consistently with the mechanisms defined for authentication and message validation.
- The Merchant system must:
  - Store secrets in secure, centralized systems (e.g., secret vaults)
  - Prevent exposure in source code, configuration files, or logs
  - Rotate credentials periodically and upon suspicion of compromise
Secrets must only be accessible to authorized components and must never be shared across environments.
Environment Segregation
Different environments must be strictly isolated to prevent cross-contamination of data and credentials.
- The Merchant system must maintain clear separation between:
  - Development
  - Testing / Sandbox
  - Production
- Each environment must:
  - Use its own credentials and configuration
  - Be isolated at the network and application levels
Production data must never be used in non-production environments.
Improper environment segregation may lead to data leakage, unintended transactions, or security breaches.
Configuration and Change Control
System configuration must be controlled and auditable.
- The Merchant system must:
  - Maintain controlled configuration management processes
  - Track and review changes to critical settings
  - Ensure that configuration changes are tested before deployment
This includes:
- API endpoints and credentials
- Security settings
- Operational parameters affecting transaction handling
Uncontrolled changes may introduce vulnerabilities or disrupt secure operation.
Operational Monitoring and Incident Awareness
Operational activity must be monitored to detect anomalies and potential security incidents.
- The Merchant system must:
  - Monitor access to sensitive components
  - Detect abnormal behavior (e.g., unusual request patterns, repeated failures)
  - Maintain audit trails for security-relevant actions
Monitoring must support:
- Early detection of unauthorized access
- Identification of operational issues
- Investigation of incidents
Security events must be handled in a controlled, traceable, and timely manner.
Detailed guidance on logging and monitoring practices is provided in F.5 Logging and Monitoring Best Practices.
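As an added illustration (not part of the SIBS documentation), the following script applies two of the checks described above to a constructed audit trail: access to a sensitive component by a principal outside a hypothetical allow-list, and repeated failures by one client inside a sliding time window. The log format, component names and client identifiers are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log records (not real SIBS output). Each line is:
# "<ISO timestamp> <client_id> <component> <action> <result>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 merchant-app payment-api create_payment ok
2024-05-01T10:00:05 merchant-app payment-api create_payment ok
2024-05-01T10:01:00 support-ui admin-console read_config ok
2024-05-01T10:02:00 batch-job payment-api create_payment auth_failed
2024-05-01T10:02:10 batch-job payment-api create_payment auth_failed
2024-05-01T10:02:20 batch-job payment-api create_payment auth_failed
2024-05-01T10:02:30 batch-job payment-api create_payment auth_failed
2024-05-01T10:03:00 merchant-app payment-api create_payment ok
2024-05-01T10:20:00 batch-job admin-console read_config ok
"""

# Hypothetical least-privilege policy: which principals may use each
# sensitive component. Anything not listed here is unauthorized.
ALLOWED = {
    "admin-console": {"support-ui"},
    "payment-api": {"merchant-app", "batch-job"},
}

def parse(log_text):
    """Turn the raw audit trail into (timestamp, client, component, action, result)."""
    events = []
    for line in log_text.splitlines():
        ts, client, component, action, result = line.split()
        events.append((datetime.fromisoformat(ts), client, component, action, result))
    return events

def detect(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return sorted alert strings: unauthorized component access, and
    max_failures or more non-ok results from one client within `window`."""
    alerts = set()
    recent_failures = defaultdict(deque)  # client -> timestamps of recent failures
    for ts, client, component, action, result in parse(log_text):
        if client not in ALLOWED.get(component, set()):
            alerts.add(f"unauthorized:{client}:{component}")
        if result != "ok":
            q = recent_failures[client]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= max_failures:
                alerts.add(f"repeated_failures:{client}")
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The window and threshold are tuning knobs; in practice they are set per integration and the alerts feed the incident-handling process referenced in the section above.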
Security Enforcement
Operational security controls must be enforced consistently across all systems and environments.
The Merchant system must ensure that:
- Access is restricted and controlled according to least privilege
- Credentials and secrets are securely managed and rotated
- Environments are isolated and independently configured
- Configuration changes are controlled and auditable
- Operational activity is monitored, traceable, and auditable
Failure to enforce operational security controls may result in unauthorized access, exposure of sensitive information, or compromise of the integration environment.