International remittance solution with WorldPay as a payment provider and PCI-DSS challenges
About project
The Remittance project is an international service for convenient, secure, instant money transfers. The company’s primary focus is transferring funds to African countries using a cross-platform Web and Flutter solution.
Challenges
The New Line Technologies team had an important task: to create a product that meets all the Payment Card Industry Data Security Standard (PCI-DSS) requirements for protecting payment data throughout the payment lifecycle. This involved the following:
- The presence of signed responsibility matrices between service providers, specifically between the processing center and the data center, as well as acquiring banks;
- The data center should have an up-to-date PCI-DSS compliance certificate for the infrastructure components used by the processing center, including virtualization, services, physical equipment, and so on;
- The current PCI-DSS status, which depends directly on the frequency of software changes, hardware or virtual machine configuration changes, and known vulnerabilities such as Heartbleed;
- Regular system audits were required to identify internal and external vulnerabilities and to bring infrastructure components into alignment with industry security standards.
The goal was to undergo a PCI vulnerability scan, as this procedure is one of the best methods for detecting potential vulnerabilities that could be exploited by attackers. Internal vulnerability scanners search for network vulnerabilities within the organization's own network, while external scans examine the services exposed to the Internet.
Solutions
As part of the integration with the WorldPay payment service and the implementation of card payments, the infrastructure and its individual components were scanned to check for vulnerabilities and compliance with PCI-DSS requirements.
PCI-DSS covers not only scanning network components and servers for vulnerabilities, but also making corrections and process changes to prevent future vulnerabilities. After identifying weaknesses, the New Line Technologies team made adjustments. Some of the detected issues were resolved by configuring the infrastructure, while others were addressed through API-side changes.
The project underwent a PCI vulnerability scan covering the following checks:
- Full TCP port scanning
- Standard UDP port scanning
- Password brute force testing
- Overall system vulnerability assessment, including firewalls, FTP servers, web servers, operating systems, and CGI bins.
The completed scanning stages demonstrate that the project is protected against attackers who would otherwise gather information about the host (open ports, running services, etc.) and obtain sensitive details such as software versions, device security settings, passwords, and more.
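The port-scanning checks listed above produce a list of open ports, service names and version banners; the remediation step is to compare that list against the services a cardholder-data host is expected to expose. The following is an added example, not code from the original case study or from New Line Technologies, of that review: it parses constructed scan output (the port/proto state service [version] line format, the sample data and the baseline of permitted ports are all assumptions for this example) and flags open ports outside the baseline, cleartext protocols, and disclosed version banners.

```python
"""Review port-scan output against an expected-services baseline.

Added example for illustration; the line format, sample lines and baseline
are constructed for this example and are not taken from the project.
"""
import re
from dataclasses import dataclass

# Constructed sample scan output: "port/proto state service [version]".
SAMPLE_SCAN = """\
22/tcp   open   ssh      OpenSSH 7.4
80/tcp   open   http     nginx 1.18.0
443/tcp  open   https    nginx 1.18.0
21/tcp   open   ftp      vsftpd 3.0.3
123/udp  open   ntp
3306/tcp open   mysql    MySQL 5.7.33
8080/tcp closed http-alt
"""

# Assumed baseline: the only ports a processing host should expose.
BASELINE = {("443", "tcp"), ("22", "tcp")}

# Services that carry data in cleartext and are not acceptable for
# cardholder-data transmission over open networks.
CLEARTEXT_SERVICES = {"ftp", "telnet", "http", "pop3", "imap"}

LINE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\w+)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)

REASON_NOT_IN_BASELINE = "open port not in baseline"
REASON_CLEARTEXT = "cleartext protocol exposed"
REASON_VERSION = "version banner disclosed"


@dataclass(frozen=True)
class Finding:
    port: str
    proto: str
    service: str
    reason: str
    detail: str = ""


def parse_scan(text):
    """Return one dict per well-formed scan line; malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["version"] = (entry["version"] or "").strip()
        entries.append(entry)
    return entries


def review(entries, baseline):
    """Flag open ports that need remediation before a PCI scan can pass."""
    findings = []
    for e in entries:
        if e["state"] != "open":
            continue  # closed/filtered ports are not exposure
        key = (e["port"], e["proto"])
        if key not in baseline:
            findings.append(Finding(e["port"], e["proto"], e["service"],
                                    REASON_NOT_IN_BASELINE))
        if e["service"].lower() in CLEARTEXT_SERVICES:
            findings.append(Finding(e["port"], e["proto"], e["service"],
                                    REASON_CLEARTEXT))
        if e["version"]:
            findings.append(Finding(e["port"], e["proto"], e["service"],
                                    REASON_VERSION, e["version"]))
    return findings


def summarize(findings):
    """Count findings per reason so the remediation list can be prioritized."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    results = review(parse_scan(SAMPLE_SCAN), BASELINE)
    for f in results:
        print(f"{f.port}/{f.proto} {f.service}: {f.reason} {f.detail}".rstrip())
    print(summarize(results))
```

Each finding maps to one of the remediation paths the case study describes: ports outside the baseline and cleartext services are closed or firewalled at the infrastructure level, while version banners are suppressed in the service configuration so the scan no longer reveals exact software versions.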
Results
The Remittance project has successfully undergone a complex, multi-level examination in accordance with PCI-DSS requirements, is certified, and is now used for processing online payments with payment cards.