Product Documentation

If you are a payment gateway, you are unlikely to require this feature; but, if you are a merchant acquiring CHD, you are likely to find this section useful.

 

A feature of the SAKA is its ability to relay transactions to payment gateways through HTTP POST or SOAP transactions over SSL/TLS. The application uses the relay webservice within the SAKA's Foundation services and sends transaction data in conformance with the XML Schema Definition (XSD) schema provided with the appliance, embedding the token in the request instead of the plaintext PAN.

 

The SAKA, upon authorizing the request, decrypts the token(s), substitutes them in the transaction and makes a HTTP POST or SOAP request to a previously configured payment gateway on the appliance. Responses from the gateway are returned to the calling application as-is, without any parsing.

 

The advantage of this feature is that the application no longer needs to decrypt tokens to settle transactions with the payment processor, further reducing vulnerabilities in the application-tier and scope for PCI-DSS audits for the settlement modules of the application.

 

Should you choose to use the relay capability, you will need to test this within your application. Sample code is provided on the appliance, while documentation of the feature is provided in the SAKA Reference Manual; please refer to this documentation for details on relay-processing.

 

Design Consideration #4

Should the application plan on using the relay webservice on the SAKA, this must be designed into the application and tested against the specific gateway.