Security

about services security of nicepay as a {{transaction}} services provider in {{indonesia}} , {{nicepay}} is obligated to meet {{the}} security standards during {{transaction}} s to avoid suspicious activity that can harm any parties, both {{customer}} s and {{merchant}} s the following are {{information}} regarding {{the}} security of {{transaction}} services available in {{nicepay}} security standards and regulations security features {{nicepay}} has docid\ gcdge1d xvhlndpfbdd8m and docid\ v7zw1gbz9 9za lzvu3ky systems as a security features for secure {{transaction}} using {{cc}} compliance {{nicepay}} already has local {{transaction}} security certifications and licenses, such as {{the}} pjp ( penyedia jasa pembayaran ) category 2 permit related to payment gateway and category 3 permit related to ptd ( penyelenggara transfer dana ) from {{bank}} {{indonesia}} , domestic pse from kominfo, as well as international compliance certifications, namely pci dss level 1 and pci 3ds role and responsibility on protection transaction protection becomes {{the}} responsibility and role of all parties, not only {{nicepay}} {{merchant}} responsible on maintain {{the}} transmission data security, identify users and authenticate access to {{system}} component the following is {{the}} list of {{merchant}} responsibility on maintain {{the}} {{transaction}} security protect cardholder data with strong cryptography during transmission over open, public networks processes and mechanisms for protecting cardholder data with strong cryptography during transmission over open, public networks are defined and documented pan is protected with strong cryptography during transmission strong cryptography and security protocols are implemented as follows to safeguard pan during transmission over open, public networks only trusted keys and certificates are accepted certificates used to safeguard pan during transmission over open, public networks are confirmed as valid and are not expired or revoked this bullet is a best practice until its effective date; refer to applicability notes below for details the protocol in use supports only secure versions or configurations and does not support fallback to, or use of insecure versions, algorithms, key sizes, or implementations the encryption strength is appropriate for {{the}} encryption methodology in use an inventory of {{the}} entity’s trusted keys and certificates used to protect pan during transmission is maintained identify users and authenticate access to system components user identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle all users are assigned a unique id before access to {{system}} components or cardholder data is allowed group, shared, or generic accounts, or other shared authentication credentials are only used when necessary on an exception basis, and are managed as follows account use is prevented unless needed for an exceptional circumstance use is limited to {{the}} time needed for {{the}} exceptional circumstance business justification for use is documented use is explicitly approved by management individual user identity is confirmed before access to an account is granted every action taken is attributable to an individual use nicepay products security data transmission {{nicepay}} has used https on all {{api}} endpoints to maintain {{the}} security of data transmission in transactions between {{merchant}} s and {{customer}} s, {{merchant}} s with {{nicepay}} , and other parties connected to {{the}} {{nicepay}} {{system}} authentication {{nicepay}} has special authentication in verifying data in {{the}} {{system}} for snap and non snap {{transaction}} s in snap {{transaction}} s, authentication uses {{the}} docid 92feymrqs iebhxrfgxuq by following {{the}} provisions of {{the}} indonesian payment association while in non snap {{transaction}} s, authentication uses a docid 9ahumzbwzozg905z3ior with {{the}} sha 256 hashing method callback handling callback handling is used by {{the}} {{merchant}} s to verify {{the}} {{payment}} of {{transaction}} s to {{the}} {{nicepay}} whitelist ip notification and transaction status every {{transaction}} process that runs on {{the}} {{nicepay}} {{system}} has an automatic notifications which contain {{transaction}} {{information}} and {{status}} that varies according to {{the}} stage of a {{transaction}} we suggests {{merchant}} s to check {{the}} notifications sent and {{transaction}} {{status}} using {{api}} status inquiry regularly to avoid {{notification}} injection from irresponsible parties list of {{nicepay}} status inquiry {{api}} api version api link snap version docid\ qdn7cgvv26s2xeibfwg1u docid\ a0i6lo4dvbo6ih5ql6nda docid\ za7an0he8c3 2oixvdlna docid\ ge22wm18e02qrwdgbwmz docid\ q6wfjff2upkvdlms56io5 docid\ zltn93laidzfgpiif7d26 version 2 docid 7thqvphz6emwezw5 d4an docid\ fc bkdwkevwf2h9usoc8k docid\ itcm3ihd d5tjo3i0zjen docid 79r7v9ynenetfidqqvmkk docid\ b6ctfh0si5ntzuljbwtnd docid\ tegpdwiwlqpwiik9vv3r4 docid\ ikbnpmy56gww3hk0v3emu docid\ z6mz313pnsr5weunylyta docid\ i34g2mhsezzv2y4d1bj7y docid\ uchkzomsxvxzdcknfmuzd version 1 docid\ b hqvi5gbns yxcexem2a notification injection is one of {{the}} security vulnerabilities when an attacker sends a {{notification}} that is not supposed to be sent to {{the}} systems security maintenance bug bounty program {{nicepay}} appreciates all forms of {{information}} regarding security {{system}} issues submitted however, {{nicepay}} does not have a bug bounty program and does not provide any rewards though {{nicepay}} does not currently have a bug bounty program for public participation, we may consider it in {{the}} future {{nicepay}} will continue to evaluate and improve {{the}} security of our {{system}} based on national and international standards as a top priority to protect {{the}} confidentiality of {{information}} for every {{transaction}} that runs in our {{system}} for further {{information}} regarding {{the}} bug bounty program and security of {{the}} {{nicepay}} {{system}} in {{the}} future, please visit {{nicepay}} official https //nicepay co id/ and social media