All, I have a stand-alone ePayment service, implemented as an ASP.NET web service, for my order management system, and I am using CyberSource as the payment service. The responsibility of the web service is to be the interface that integrates CyberSource with the order management system. But I have really poor knowledge of payment service security, and I really wasn't aware of which important issues I should care about. So far, I have already done some work on it. Below is what the code looks like; please review it and comment.

    // sOMSIp is the IP of my order management system.
    string sOMSIp = "xx.xx.xx.xx";
    // Get the client IP.
    string sIP = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];

    // Make sure the request is from the order management system; otherwise it is invalid.
    if (sIP.Equals(sOMSIp))
    {
        // Process the payment request.
    }
    else
    {
        // Return the fail message.
    }

But I am not sure whether there is any possibility of forging the client's IP. It would be much appreciated if someone could give me some ideas or a solution for building security for the ePayment service. Thanks.

Joe.wang
  • Please tell me any reason for closing it. Thanks. – Joe.wang May 09 '13 at 13:00
  • Why would someone want to process a payment through your system? Either way, if you want ideas for payment security, you need to start with [PCI Compliance](https://www.pcisecuritystandards.org/security_standards/index.php). – MikeSmithDev May 09 '13 at 13:05
  • Your code is just simply comparing two IP addresses. There is not enough information to answer regarding how secure your payment service is. If you want people to review your code, you might want to post it at http://codereview.stackexchange.com/. By the way, I did not close your question. – Win May 09 '13 at 14:02
  • +2 Thank you all. I need time to read about PCI compliance first. – Joe.wang May 09 '13 at 14:18

0 Answers