Article ID: 114010, created on May 30, 2012, last review on Aug 13, 2014

  • Applies to:
  • Business Automation

Configure system security

Configure different parts of PBA security system.

Generate two RSA key pairs to encrypt customers' credit card data

  • Log into PBA Provider Control Panel
  • Go to Configuration Director > E-Commerce Settings > Encryption Keys
  • Create two RSA key pairs using the Generate New Key buttons for Encryption Key 1 and Encryption Key 2

Note: public RSA key is stored in PBA database and is used to encrypt credit card data, while private key must be stored separately in secure place and loaded into PBA on system start.

Create key custodians

Create system role with the privilege KEY_CUSTODIAN and assign it to two different Provider staff members who will load private key and password accordingly. This may be done in PBA Provider Control Panel at Configuration Director > Security Manager > Roles.

Enable AES encryption

Enable AES encryption to encrypt passwords in PBA. See the following article for details: kb #9103

Configure PBA to purge unused credit cards data after retention period

It is not necessary to store cardholder data forever in the system, define a retention policy to purge unused cardholder data after some time. E.g. use a period of 13 months if you have customers on yearly plans that will pay once every 12 months.

Set retention periods (in hours) in PBA Provider Control Panel at Configuration Director > E-Commerce Settings > E-Commerce Settings.

Implement centralized logging server (since PBA 5.4 only)

PBA may be integrated with centralized log server using industry standard syslog protocol. On the logging server side install any syslog-compatible server (e.g. rsyslogd for Linux and WinSyslog for Windows). Then, configure PBA to use centralized logging server following instructions in the corresponding Deployment Guide:

PBA for Linux

PBA for Windows

Configure system roles

PBA provides wide set of privileges which may be used to create system roles in Provider Control Panel at Configuration Director > Security Manager > Roles.

Follow the principle of minimal privileges creating roles - include only privileges which allow staff member to perform their tasks in PBA Control Panel.

Set password quality level

Set desired password quality level at Configuration Director > Security Manager > Login Settings.

Notes:

  • It is recommended to set password quality level to High at least.
  • If PBA is integrated with POA then password quality must be set to the same level in both systems.

Configure password expiration policies

Configure password expiration policies at Configuration Director > Security Manager > Login Settings.

To be PCI compliant set password expiration period to 90 days or less.

Additional information

See the global article #113946 Parallels Automation Maintenance Guide for checking other important settings.

198398b282069eaf2d94a6af87dcb3ff caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF