Project: Payment Card Application (PCA)

Client: All e-Biz clubs
Date: Completed in 2010

Business Need

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The e-Biz clubs wished to significantly harden their handling of credit card data to meet the latest version of this standard. Specifically, each club established a highly secure Payment Card Application server and introduced extra layers of security around all credit card data.

Challenges
  1. This was a mandated upgrade to security, which meant several clubs needed enhanced transaction security at the same time and in a short time frame.
  2. Adding a new physical server meant changes to routers and firewalls in several locations.
  3. The transition to this new secure environment was one-way: there was no possibility of rolling back changes should problems occur.

Solution
  1. Newland updated legacy Java Server Pages to communicate with the clubs' new highly secure PCA server.
  2. Newland enhanced its My Account Service application to incorporate a secure credit card prompt retrieved from the PCA server.
  3. The user is aware of this increased security, as the credit card number is masked on the web page immediately after it is entered.
  4. Newland adhered to a tight deadline and flawlessly implemented transaction security for a group of clubs on time.

Technology & Tools

Newland used Campana's PA-DSS certified code, which teams up with Java and Axis to create a supremely secure process. In some cases, SOAP is used to communicate between the web server and the PCA server.