Security

9min

About Services Security of NICEPAY
﻿
As a ﻿ services provider in ﻿, ﻿ is obligated to meet ﻿ security standards during ﻿s to avoid suspicious activity that can harm any parties, both ﻿s and ﻿s. The following are ﻿ regarding ﻿ security of ﻿ services available in ﻿.
﻿
Security Standards and Regulations
Security Features
﻿﻿ has FDS﻿ and 3Ds﻿ systems as a security features for secure ﻿ using ﻿.
﻿
Compliance
﻿﻿ already has local ﻿ security certifications and licenses, such as ﻿ PJP (Penyedia Jasa Pembayaran) Category 2 permit related to Payment Gateway and Category 3 permit related to PTD (Penyelenggara Transfer Dana) from ﻿ ﻿, Domestic PSE from Kominfo, as well as international compliance certifications, namely PCI DSS Level 1 and PCI 3DS.
﻿
Role and Responsibility on Protection
Transaction protection becomes ﻿ responsibility and role of all parties, not only ﻿.  ﻿ responsible on maintain ﻿ transmission data security, identify users and authenticate access to ﻿ component. 
The following is ﻿ list of ﻿ responsibility on maintain ﻿ ﻿ security.
Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks
Processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open, public networks are defined and documented
PAN is protected with strong cryptography during transmission.
Strong cryptography and security protocols are implemented as follows to safeguard PAN during transmission over open, public networks:
Only trusted keys and certificates are accepted.
Certificates used to safeguard PAN during transmission over open, public networks are confirmed as valid and are not expired or revoked. This bullet is a best practice until its effective date; refer to applicability notes below for details.
The protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations.
The encryption strength is appropriate for ﻿ encryption methodology in use.
An inventory of ﻿ entity’s trusted keys and certificates used to protect PAN during transmission is maintained.
Identify Users and Authenticate Access to System Components
User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle.
All users are assigned a unique ID before access to ﻿ components or cardholder data is allowed
Group, shared, or generic accounts, or other shared authentication credentials are only used when necessary on an exception basis, and are managed as follows:
Account use is prevented unless needed for an exceptional circumstance.
Use is limited to ﻿ time needed for ﻿ exceptional circumstance.
Business justification for use is documented.
Use is explicitly approved by management.
Individual user identity is confirmed before access to an account is granted.
Every action taken is attributable to an individual use
﻿
NICEPAY Products Security
Data Transmission
﻿﻿ has used HTTPS on all ﻿ endpoints to maintain ﻿ security of data transmission in transactions between ﻿s and ﻿s, ﻿s with ﻿, and other parties connected to ﻿ ﻿ ﻿.
﻿
Authentication
﻿﻿ has special authentication in verifying data in ﻿ ﻿ for SNAP and non-SNAP ﻿s. In SNAP ﻿s, authentication uses ﻿ Request Access Token API - SNAP﻿ by following ﻿ provisions of ﻿ Indonesian Payment Association. While in non-SNAP ﻿s, authentication uses a Merchant Token﻿ with ﻿ SHA-256 hashing method.
﻿
Callback Handling
Callback Handling is used by ﻿ ﻿s to verify ﻿ ﻿ of ﻿s to ﻿ ﻿.
﻿
Whitelist IP
<!-- <p>paste iframe code here</p> --> Merchant﻿s can Whitelist IPs to increase their system ﻿security if needed. Please contact <a style="color:blue;text-decoration-line:underline" href="mailto:cs@nicepay.co.id">NICEPAY Customer Service</a> to get list of NICEPAY IP.
<!-- <p>paste iframe code here</p> --> Merchant﻿s can Whitelist IPs to increase their system ﻿security if needed. Please contact <a style="color:blue;text-decoration-line:underline" href="mailto:cs@nicepay.co.id">NICEPAY Customer Service</a> to get list of NICEPAY IP.
﻿
﻿
Notification and Transaction Status
Every ﻿ process that runs on ﻿ ﻿ ﻿ has an automatic notifications which contain ﻿ ﻿ and ﻿ that varies according to ﻿ stage of a ﻿. We suggests ﻿s to check ﻿ notifications sent and ﻿ ﻿ using ﻿ Status Inquiry regularly to avoid ﻿ injection from irresponsible parties.
List of ﻿ Status Inquiry ﻿:
API Version
API Link
SNAP Version
﻿Check Status Transaction - API Virtual Account SNAP﻿﻿
﻿Check Status Transaction - API QRIS SNAP﻿﻿
﻿Check Status Transaction - API E-Wallet (Direct Debit) SNAP﻿﻿
﻿Inquiry - API Payout (Disbursement) SNAP﻿﻿
﻿Inquiry History - API SNAP Provider﻿﻿
﻿Inquiry - API NICEPAY Inquiry Virtual Account SNAP﻿﻿
Version 2
﻿Status Inquiry - API Checkout﻿﻿
﻿Status Inquiry - API Credit Card﻿﻿
﻿Status Inquiry - API Virtual Account﻿﻿
﻿Status Inquiry - API Convenience Store﻿﻿
﻿Status Inquiry - API Direct Debit﻿﻿
﻿Status Inquiry - API E-Wallet﻿﻿
﻿Status Inquiry - API Payloan﻿﻿
﻿Status Inquiry - API GPN﻿﻿
﻿Status Inquiry - API QRIS﻿﻿
﻿Inquiry - API Payout (Disbursement)﻿﻿
Version 1
﻿V1 Check Transaction Status﻿﻿
Notification Injection is one of ﻿ security vulnerabilities when an attacker sends a ﻿ that is not supposed to be sent to ﻿ systems.
﻿
Security Maintenance
Bug Bounty Program
﻿﻿ appreciates all forms of ﻿ regarding security ﻿ issues submitted. However, ﻿ does not have a Bug Bounty program and does not provide any rewards. Though ﻿ does not currently have a Bug Bounty program for public participation, we may consider it in ﻿ future.
﻿﻿ will continue to evaluate and improve ﻿ security of our ﻿ based on national and international standards as a top priority to protect ﻿ confidentiality of ﻿ for every ﻿ that runs in our ﻿ . For further ﻿ regarding ﻿ Bug Bounty program and security of ﻿ ﻿ ﻿ in ﻿ future, please visit ﻿ official website and social media.

API Version	API Link
SNAP Version	Check Status Transaction - API Virtual Account SNAP Check Status Transaction - API QRIS SNAP Check Status Transaction - API E-Wallet (Direct Debit) SNAP Inquiry - API Payout (Disbursement) SNAP Inquiry History - API SNAP Provider Inquiry - API NICEPAY Inquiry Virtual Account SNAP
Version 2	Status Inquiry - API Checkout Status Inquiry - API Credit Card Status Inquiry - API Virtual Account Status Inquiry - API Convenience Store Status Inquiry - API Direct Debit Status Inquiry - API E-Wallet Status Inquiry - API Payloan Status Inquiry - API GPN Status Inquiry - API QRIS Inquiry - API Payout (Disbursement)
Version 1	V1 Check Transaction Status

FAQ Merchant Back Office

NICEPAY Academy

Security

About Services Security of NICEPAY

Security Standards and Regulations

Security Features

Compliance

Role and Responsibility on Protection

NICEPAY Products Security

Data Transmission

Authentication

Callback Handling

Whitelist IP

Notification and Transaction Status

Security Maintenance

Bug Bounty Program

Welcome to NICEPAY DOCS