UKTD Connect will provide payment transaction routing services. The service expects requests in a specific XML format and returns responses in XML format. First, the user must send a Login request, which is validated against the DB; if the provided login credentials are correct, a unique Session ID is generated and sent back in the response.
For each subsequent transaction request the Session ID is passed along with the transaction-related data and is validated; if the Session ID is not valid, an error response is sent back to the client. Validation of the Session ID ensures that every transaction comes from an authenticated user. The Credit Card transaction request received is converted to the gateway-specific XML format and sent to the payment gateway; upon receiving the response from the gateway, it is sent back to the client.
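The login-then-session exchange described above, as an added Python example (not UKTD Connect's own code): the element names Login, UserId, Password, Transaction, SessionId and Response, the 15-minute idle timeout and the credential check are assumptions standing in for the real XML schema and the PAM/DB lookup.

```python
import secrets
import time
import xml.etree.ElementTree as ET

SESSION_TTL_SECONDS = 900  # assumed idle timeout; the page does not state one


class SessionStore:
    """In-memory stand-in for the session table each request is validated against."""
    def __init__(self, clock=time.monotonic):
        self._sessions = {}  # session id -> (user, expiry time)
        self._clock = clock  # injectable so expiry can be exercised deterministically

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
        self._sessions[sid] = (user, self._clock() + SESSION_TTL_SECONDS)
        return sid

    def validate(self, sid):
        # Returns the owning user, or None if the id is unknown or expired
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expires = entry
        if self._clock() > expires:
            del self._sessions[sid]
            return None
        return user


def check_credentials(user, password):
    # Constructed stand-in for the PAM lookup against the DB
    return (user, password) == ("attendant1", "correct-horse")


def error(message):
    return f"<Response><Status>ERROR</Status><Message>{message}</Message></Response>"


def handle_request(xml_text, store):
    """Route one client request: Login mints a session, anything else must carry a valid one."""
    # xml.etree does not resolve external entities; for untrusted input defusedxml is still preferable
    root = ET.fromstring(xml_text)
    if root.tag == "Login":
        user = root.findtext("UserId", "")
        if check_credentials(user, root.findtext("Password", "")):
            return f"<Response><Status>OK</Status><SessionId>{store.create(user)}</SessionId></Response>"
        return error("Invalid credentials")
    if root.tag == "Transaction":
        if store.validate(root.findtext("SessionId", "")) is None:
            return error("Invalid session")
        # Conversion to gateway XML and forwarding to the payment gateway would happen here
        return "<Response><Status>OK</Status><Message>Accepted</Message></Response>"
    return error("Unknown request")
```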
UKTD Connect Key IT Systems
PAM (Password Audit Management):
The PAM service provides functionality related to Password Management; some of the important features of this application are:
⮚ User Authentication
⮚ Password Validation
⮚ Logging of User Activity
⮚ Generating Session
⮚ Getting Role Permission related to the User
⮚ Passwords are encrypted and stored in the DB.
Receipt Manager:
For each transaction, Receipt Manager reads the transaction data and generates a PDF receipt using SQL Server Reporting Services. This runs as a Windows service.
Email Server:
Email Server is responsible for sending the PDF receipts to the customer's email address for each transaction. This runs as a Windows service.
Portal Application:
Portal Application is an interactive web-based application with multi-level user access, such as Admin, Super user and Attendant user. Transaction history can be viewed, filtered by criteria and exported to Excel or PDF format.
Some of the important features of Portal Application are:
⮚ Managing Merchants
⮚ Managing Attendants
⮚ Assigning POS licenses
⮚ Managing User Roles
⮚ Assigning Gateways
⮚ Managing Users
⮚ Summary Reports
Application Hosting and Security:
All applications, services and the Database should be hosted on PCI compliant servers. Access to the application servers should be provided through a VPN client with two-factor authentication. HTTPS is enabled for all applications hosted in IIS.
⮚ Sensitive data related to the transaction is NOT stored anywhere in the system.
⮚ All transaction-related sensitive data that is logged for monitoring is masked before being written to the log file, thus ensuring data safety and security.
⮚ Logs for the past 1 year are maintained in a backup folder.
⮚ The Application and the DB are hosted on 2 different PCI compliant servers; the server hosting the DB has no internet access and is accessible only from the application server, which is in the same network.
⮚ A third-party tool will be used for monitoring application logs and server performance.
⮚ In accordance with PCI Compliance, the application source code is scanned for vulnerabilities (SonarQube) so that the code is foolproof.
⮚ The developer systems will be on a separate network that is not accessible from any other network.
⮚ Transactions posted from Kiosks and Online POS to the Payment Gateway will be encrypted.
⮚ Transactions posted from the Payment Gateway to the Acquiring Host will be encrypted.
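The log masking rule stated above (and repeated under Deployment), as an added Python example that is not UKTD Connect's own code: a logging filter that Luhn-checks digit runs, masks PANs to first six/last four before anything is written, and removes authentication fields such as CVV outright. The XML field names and the logger name are assumptions.

```python
import io
import logging
import re

# 13 to 19 digits, optionally separated by spaces or dashes, as card numbers appear in requests
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed field names (an assumption): values that must never reach a log, masked or not
SECRET_FIELD_RE = re.compile(r"<(CVV2?|CVC|Track2|Pin)>[^<]*</\1>")

def luhn_ok(digits):
    """Luhn check, so that order references that merely look like card numbers are left alone."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_pan(match):
    digits = re.sub(r"[ -]", "", match.group(0))
    if not luhn_ok(digits):
        return match.group(0)
    # PCI DSS permits at most the first six and last four digits to be displayed
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def mask_sensitive(text):
    """Mask PANs and strip authentication data from a message before it is written anywhere."""
    text = SECRET_FIELD_RE.sub(r"<\1>[REMOVED]</\1>", text)
    return PAN_RE.sub(_mask_pan, text)

class MaskingFilter(logging.Filter):
    """Attach to a handler so masking happens before the record is formatted and emitted."""
    def filter(self, record):
        record.msg = mask_sensitive(record.getMessage())
        record.args = ()  # the message is already fully rendered
        return True

def log_masked(message):
    """Constructed helper: send one message through a logger carrying the filter and return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(MaskingFilter())
    logger = logging.getLogger("uktd.masking.demo")
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info(message)
    return buf.getvalue().rstrip("\n")
```

Masking at the log sink is a last line of defence; the request handler should still avoid placing full card data in log messages in the first place.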
Development:
⮚ All developers are PCI DSS certified.
⮚ The application development team is trained and certified in PCI DSS.
⮚ All code is maintained in a GitHub repository; only authorised people have access to the repository.
⮚ An application release notes document is maintained with all the changes implemented in each release.
⮚ Once the application is released for UAT/Production, the code is tagged and maintained with comments.
⮚ Once development is completed, the application is released for QA.
Testing procedures:
⮚ The team prepares test cases according to the requirements.
⮚ The Atlassian Jira tool is used for bug tracking.
⮚ Once the application is released to the QA team with release notes, the QA team executes all the test case scenarios and logs the bugs in Jira, and a notification is sent to the development team.
⮚ The developers have access to Jira to view the description of the bugs raised; once a bug is fixed and updated in Jira, the QA team is notified for re-testing.
Deployment:
⮚ Once the application is certified by the QA team, it is moved to the UAT environment.
⮚ Once user acceptance testing is completed and accepted, the application is moved to the production environment.
⮚ A backup of the previous release of the application is maintained in a backup folder.
⮚ Backup plan: in case of any issue after deployment to the Production environment, the previous release is restored.
⮚ An application penetration test will be done on the application server.
⮚ Internal and external penetration tests will be done on the application server.
⮚ Quarterly ASV scans will be performed on the application environment.
⮚ ASV stands for Approved Scanning Vendor; as part of this activity an external vulnerability assessment is done on all open ports and channels.
⮚ Server access is limited to Primary support personnel only.
⮚ All servers will have Anti-Virus software installed.
⮚ To identify unusual or fraudulent transactions:
- MID and TID authentication
- Merchant Floor Limit authentication
- Merchant Category Code (MCC) authentication
⮚ UKTD database/Systems/Applications will not store any sensitive data.
⮚ Sensitive data is masked before being written to the log file.
⮚ Passwords are encrypted and stored in the DB.
⮚ UKTD Connect is omni-channel, capable of handling multiple transactions at the same time.
On-boarding:
An easy integration with our on-boarding platform will allow you to board new merchants using secure web solutions. Boarding new merchants will be quick and easy with our efficient, user-friendly software solution.
Logistics:
We offer fast delivery to any merchant through our network of logistics service providers. What's more, all our products and services will be delivered to any merchant straight after a customised set-up, ready to use.
Help desk:
Our 24/7 customer care service offers technical support to merchants at any time. Our Help desk team is always available to help with any queries on the phone and via email.
Maintenance:
Our maintenance & repair centre ensures prompt diagnostics and repairs. We are committed to offering the best services to merchants with our new-generation, high-performance POS devices.