What security measures are used?
The Gateway provides data encryption, server authentication, message integrity and optional client authentication for a TCP/IP connection by the Secure Sockets Layer (SSL) protocol. SSL is a protocol developed by Netscape to provide secure transmission of private information that is sent over the Internet. This protocol uses public and private key pairs to encrypt data. The public and private keys are dissimilar and each pair is unique; therefore, the keys possessed verify the sender’s identity. The public key is distributed to the merchant, ISP or CSP in the form of a digital certificate, which contains information that can verify the key holder identity and the key validity. The private key is kept confidential and remains on the Payment Gateway. If data is encrypted with the private key, only the public key can decrypt it. If data is encrypted with the public key, only the private key can decrypt it. This process prevents the data from being compromised while in transit.
