Diagram Technical Details Security System Requirements SECURITY Transmission security All information transmitted over an open network between components of i-PayOnline will be encrypted with SSL 128 bit encryption. Stored information No payment-related information needs to be stored on the supplier's system. The data layer in i-PayOnline is hosted on BoE Bank's internal network, behind the firewall. The firewall will only allow communication from the i-PayOnline application server through to the database. The database will only allow data access through the use of stored procedures. Direct access to the the data tables is not possible. The components that call these stored procedures are grouped in MTS packages which run under pre-assigned NT user ID's. Only these user ID's will be allowed to run the stored procedures on the i-PayOnline database. To be able to call these components and to log on to the i-PayOnline system, a digital certificate is issued, identifying the user as a member of a specific group with limited access to specific components and web pages. Digital certificates The web server, as well as each user that will have access to the administration interface on the i-PayOnline server, will need a Verisign Class 2 Digital certificate, which will be issued by BoE Bank.