Security

About services security of NICEPAY

As a transaction services provider in Indonesia, NICEPAY is obligated to meet the security standards during transactions to avoid suspicious activity that can harm any parties, both customers and merchants. The following is information regarding the security of transaction services available in NICEPAY.

Security standards and regulations

Security features

NICEPAY has FDS and Credit Card Payment Flow systems as security features for secure transactions using credit cards.

Compliance

NICEPAY already has local transaction security certifications and licenses, such as the PJP (Penyedia Jasa Pembayaran) Category 2 permit related to payment gateway and Category 3 permit related to PTD (Penyelenggara Transfer Dana) from Bank Indonesia, domestic PSE from Kominfo, as well as international compliance certifications, namely PCI DSS Level 1 and PCI 3DS.

Role and responsibility on protection

Transaction protection is the responsibility and role of all parties, not only NICEPAY. Merchants are responsible for maintaining the security of data in transmission, identifying users and authenticating access to system components. The following is the list of merchant responsibilities for maintaining transaction security.

Protect cardholder data with strong cryptography during transmission over open, public networks

- Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open, public networks are defined and documented.
- PAN is protected with strong cryptography during transmission.
- Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks:
  - Only trusted keys and certificates are accepted.
  - Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. This bullet is a best practice until its effective date; refer to applicability notes below for details.
  - The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations.
  - The encryption strength is appropriate for the encryption methodology in use.
- An inventory of the entity’s trusted keys and certificates used to protect PAN during transmission is maintained.

Identify users and authenticate access to system components

- User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle.
- All users are assigned a unique ID before access to system components or cardholder data is allowed.
- Group, shared, or generic accounts, or other shared authentication credentials are only used when necessary on an exception basis, and are managed as follows:
  - Account use is prevented unless needed for an exceptional circumstance.
  - Use is limited to the time needed for the exceptional circumstance.
  - Business justification for use is documented.
  - Use is explicitly approved by management.
  - Individual user identity is confirmed before access to an account is granted.
  - Every action taken is attributable to an individual user.

NICEPAY products security

Data transmission

NICEPAY uses HTTPS on all API endpoints to maintain the security of data transmission in transactions between merchants and customers, merchants with NICEPAY, and other parties connected to the NICEPAY system.

Authentication

NICEPAY has special authentication for verifying data in the system for SNAP and non-SNAP transactions. In SNAP transactions, authentication uses the Request Access Token API SNAP, following the provisions of the Indonesian Payment Association. In non-SNAP transactions, authentication uses Authentication with the SHA-256 hashing method.

Callback handling

Callback handling is used by merchants to verify the payment of transactions to the NICEPAY whitelist IP.

Notification and transaction status

Every transaction process that runs on the NICEPAY system has automatic notifications, which contain transaction information and a status that varies according to the stage of the transaction. We suggest that merchants regularly check the notifications sent and the transaction status using the Status Inquiry API to avoid notification injection from irresponsible parties.

List of NICEPAY Status Inquiry APIs, by API version:

SNAP version

- Check Status Transaction API Virtual Account SNAP
- Check Status Transaction API QRIS SNAP
- Check Status Transaction API E-Wallet (Direct Debit) SNAP
- Inquiry API Payout (Disbursement) SNAP
- Inquiry History API SNAP Provider
- Inquiry API NICEPAY Inquiry Virtual Account SNAP

Version 2

- Status Inquiry API Checkout
- Status Inquiry API Credit Card
- Status Inquiry API Virtual Account
- Status Inquiry API Convenience Store
- Status Inquiry API Direct Debit
- Status Inquiry API E-Wallet
- Status Inquiry API Payloan
- Status Inquiry API GPN
- Status Inquiry API QRIS
- Inquiry API Payout (Disbursement)

Version 1

- V1 Check Transaction Status

Notification injection is a security vulnerability in which an attacker sends a notification that is not supposed to be sent to the systems.

Security maintenance

Bug bounty program

NICEPAY appreciates all forms of information submitted regarding security system issues. However, NICEPAY does not have a bug bounty program and does not provide any rewards. Though NICEPAY does not currently have a bug bounty program for public participation, we may consider it in the future.

NICEPAY will continue to evaluate and improve the security of our system based on national and international standards as a top priority to protect the confidentiality of information for every transaction that runs in our system. For further information regarding the bug bounty program and security of the NICEPAY system in the future, please visit the NICEPAY official website and social media.
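
The notification check recommended above under notification and transaction status, as an added example that is not NICEPAY's code: a merchant-side handler that accepts a notification only from an allowlisted source and then takes the payment status from a status inquiry instead of from the notification body. The field names, the `inquire_status` callable and the allowlisted network are assumptions made for illustration; the real values come from the NICEPAY API documentation.

```python
import ipaddress

# Constructed allowlist: a documentation-range network standing in for the
# NICEPAY notification source IPs, which this page does not list.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/28")]


def source_allowed(remote_ip, allowed=ALLOWED_SOURCES):
    """remote_ip must be the TCP peer address, not a client-supplied header."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False
    return any(addr in net for net in allowed)


def handle_notification(remote_ip, notification, orders, inquire_status):
    """Decide what to do with one incoming payment notification.

    orders: merchant-side records, reference -> {"amount", "state"}.
    inquire_status: hypothetical callable wrapping the merchant's own
    Status Inquiry request over HTTPS; returns {"status", "amount"}.
    All field names here are assumptions, not NICEPAY's schema.
    """
    if not source_allowed(remote_ip):
        return "rejected: source not allowlisted"
    ref = notification.get("reference_no")
    order = orders.get(ref)
    if order is None:
        return "rejected: unknown order"
    if order["state"] == "paid":
        return "ignored: already paid"  # duplicate or replayed notification
    # The notification body is only a trigger: status and amount are taken
    # from the inquiry response, never from what the sender claimed.
    confirmed = inquire_status(ref)
    if confirmed.get("status") != "paid":
        return "rejected: inquiry does not confirm payment"
    if confirmed.get("amount") != order["amount"]:
        return "rejected: amount mismatch"
    order["state"] = "paid"
    return "accepted"


if __name__ == "__main__":
    # Constructed sample: a forged "paid" notification for an unpaid order.
    orders = {"ORD-1001": {"amount": 150000, "state": "pending"}}
    forged = {"reference_no": "ORD-1001", "status": "paid", "amount": 150000}
    unpaid = lambda ref: {"status": "pending", "amount": 150000}
    print(handle_notification("203.0.113.5", forged, orders, unpaid))
```
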