In accordance with our security experts, Computop uses three types of encryption. These were closely examined during the latest PCI-Audit process and rated secure. An overview of the used encryption technologies is provided below with a reference to further information respectively.
Along with the development of new interfaces, the used encryption technologies and general security measures are steadily evaluated. This is conducted to ensure Computop is constantly using modern and secure encryption.
1. HTTPS Transport Layer Security (TLS 1.2 und TLS 1.3)
Communication with Paygate takes place via TCP/IP and HTTP (HyperText Transmit Protocol) with 128 / 256 bit TLS-encryption (HTTPS). Further information
Accepted Cipher:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2. Blowfish
All details required for payment processing are forwarded as parameters. The parameters are encrypted with Blowfish and protected with HMAC-Authentication (see below) to ensure that neither the customer nor a third party can manipulate the data.
When calling the form Paygate decrypts the parameters and shows the HTML page with the entry fields for the corresponding payment type. The customer enters the data and triggers the payment process by clicking the Pay button.
After the payment has been made Paygate redirects the customers back to a shop page via HTTPS GET or HTTPS POST (URLSuccess, URLFailure) and transmits the result of the payment as a Blowfish-encrypted parameter string to these URLs. In addition Paygate transmits the result via HTTPS POST to the shop's Notify page (URLNotify). The shop accepts the payment result and decrypts the data in order to inform the customer about the status. Further information
2.1 AES
In addition to the established Blowfish encryption, Computop Paygate also offers the possibility to encrypt messages with AES. Technical details can be found in our documentation.
3. Keyed-Hash Message Authentication Code (HMAC)
To protect against unauthorised manipulation of your payment transactions, the Computop Paygate checks with the aid of a Hash Message Authentication Code (HMAC) whether your payment enquiry is authentic and has not been manipulated. For this purpose you transfer an HMAC value to the Paygate with each transaction in the parameter MAC.
Background: Unlike the HMAC procedure every encoding method has the disadvantage that there is a matching decoding method. Anyone who possesses the correct key or cracks the encryption can read and manipulate the data. Therefore, no encryption method is ever 100% safe. In the case of the Hash procedure, conversely, decoding is impossible, so that a Hash value can confirm the authenticity of the message free of doubt.
The Computop Paygate uses a Hash Message Authentication Code (HMAC) to check the authenticity of your payments. The MAC SHA-256 algorithm is used with a 32-digit key length (256 bits) for this. The additional password makes the HMAC procedure particularly safe. Further information