Ensuring interaction integrity

The integrity of exchanged information is preserved by the exchange of alphanumeric signatures between the payment gateway and the merchant website.

The payment gateway and the merchant website interact via HTML forms.

A form contains a list of specific fields (see chapter Generating a payment form) used to generate a chain.

This chain is then converted to a smaller chain using a hash function (SHA-1, HMAC-SHA-256).

The merchant will be able to choose the hash algorithm in their Merchant Back Office (see chapter Choosing the hash algorithm).

The resulting chain is referred to as the digest of the initial chain.

The digest must be transmitted in the signature field (see chapter Computing the signature).

Modeling security mechanisms:

Figure 1. Diagram of a security mechanism
  1. The merchant website builds the form data and computes the signature
  2. The merchant website submits the form to the gateway
  3. The gateway receives the form data and computes the signature
  4. The gateway compares the computed signature with the signature that was transmitted by the merchant website
  5. If the signatures are different, the payment request is rejected

    If not, the gateway proceeds to payment

  6. The gateway builds the result data and computes the response signature
  7. Depending on the shop configuration (see chapter Setting up notifications), the payment gateway transmits the payment result to the merchant website
  8. The merchant website receives the data and computes the signature. It compares the computed signature with the signature that was transmitted by the payment gateway
  9. If the signatures are different, the merchant analyses the source of the error (computation error, attempted fraud, etc.)

    If not, the merchant proceeds to update their database (stock status, order status, etc.)