Genesys Cloud (formerly PureCloud)

Discussion Thread View
Expand all | Collapse all

Secure call flows: Encrypted payload for web service data action

  • 1.  Secure call flows: Encrypted payload for web service data action

    Posted 3 days ago

    Hi Team,

    We are exploring a way to send credit card details from phone to our backend. Our requirement is to have the Creditcard details encrypted using our public key, before the API call is made.

    Does pure-cloud support encryption of payload before sending the API request?

    Note: HTTS might not work for us as the PCI compliance team raised a concern of: the credit card number would then be in plain text to our Public endpoint, bringing it and any systems that touched it after SSL into PCI scope (usually our Public endpoint, would not be decrypting SSL itself, usually network equipment upstream handles SSL), which isn't going to be allowed.


    #ArchitectureandDesign
    #Implementation

    ------------------------------
    Kartik Sura
    Uber
    ------------------------------


  • 2.  RE: Secure call flows: Encrypted payload for web service data action

    Top 25 Contributor
    Posted 3 days ago
    Encrypted key data actions is on the roadmap, but not for a bit.  What you can use now is mTLS to secure the connection with your own certificate.  Combined with https and IP whitelisting, you can get pretty secure.

    Robert

    ------------------------------
    Robert Wakefield-Carl
    Avtex Solutions, LLC
    Contact Center Innovation Architect
    robertwc@avtex.com
    https://www.Avtex.com
    https://RobertWC.Blogspot.com
    ------------------------------