DT SECURITY UPDATES

Important information for developers

Below is a summary of upcoming changes that relates to your integration to DIBS DT platform

All below changes must be completed by merchants by February 26, 2018. Please watch this space for continuous updates.

 

DNS is required

We will change from static to dynamic IP, which require merchants to use DNS when sending requests.

DNS:
securedt.dibspayment.com (Primary)
secure.incab.se (Secondary)
paymentreport.debitech.com (FTP)


87.48.72.70 - outgoing IP for both primary and secondary


Note: HTTP reports will be sent from the new outgoing IP, but expect traffic from both old and new IP address during February and March

 

TLS versions will be decommissioned
Due to PCI DSS compliance, TLS versions prior to TLSv1.2 will no longer be supported. Merchants are required to check that their systems support TLSv1.2.

Outdated integration methods will be decommissioned
Merchants using following methods for transactions should switch to use the webservice API instead.

- DebiTechServer.jar file
Merchants using our DebiTechServer.jar java library will have to switch to use our webservice API instead.

- Refunds through java & com+ server-modules on port 444
Merchants doing refunds through our java & com+ server-modules on port 444 will need to use our webservice API instead. The functionality of doing refunds through port 444 will be decommissioned. This change will not affect refunds in the DT Manager web portal.

The servlet will still continue to work, only calls using port 444 will be affected.
Using a certificate will no longer have any use, as it will not be verified on 443.

Documentation about the webservice API is available at https://tech.dibspayment.com/DT/API

Users in API requests
Due to compliance, API request with users other than API users will be rejected. API users are created through DIBS Manager (Security > User accounts)

Secure connection to our FTP server
Due to PCI compliance, merchants using FTP on port 21 will be required to use the secure FTPS on port 21443. Documentation about the FTP server is available at https://tech.dibspayment.com/DT/Toolbox/ftpreports

TLS versions will be decommissioned
Due to PCI DSS compliance, TLS versions prior to TLSv1.2 will no longer be supported. Merchants are required to check that their systems support TLSv1.2.

DIBS has setup a test server which can be used to test if the correct TLS version and ciphers are supported.
The webserver will return a page saying "SSL TEST STATUS: OK" if you are connecting with propper TLS and ciphers. It is configured to respond on HTTPS using TLSv1.2 with DIBS current production cipher suite.

To further test which TLS versions and ciphers your server supports, there is an external page that can be used:
https://www.ssllabs.com/ssltest/

Important: SSL Labs is an external service provided by Qualys, Inc. DIBS do not take any responsibility for their services and are only providing the link as an example, of an external service that can be used to test the server.

 

 

 

Please note that the above changes will be performed February 26th 2018.
Do you have a question or need help?
Follow us
DIBS Payment Services
Stockholm +46 (0)8-527 525 00
Göteborg +46 031-600 800
København +45 7020 3077
Oslo +47 21 55 44 00