Software Announcement February 1, 2000 IBM Payment Gateway for AIX, Version 2 Adds Major Functions to Financial Institutions Processing Transactions for Internet Commerce Overview Payment Gateway for AIX, Version 2.1, is a member of a family of IBM Payment products. The IBM Payment products provide an end-to-end solution for electronic commerce over the Internet. These products provide function that begins with the card holder, continues with the merchant, and then culminates in the delivery of the transactions to financial institutions and credit and debit card companies. Payment Gateway is key to that final link. It is an intelligent interface between merchant Web sites and existing non-internet credit and debit card processing systems. The Payment Gateway has features to: Help check the validity of transactions arriving from merchants Translate these messages into formats recognized by the card processing systems Route them for further handling Payment Gateway offers consumers, merchants, and financial institutions the security, reliability, and flexibility necessary to quickly respond to their evolving business needs. The Payment Gateway does the sophisticated routing to manage the authorization and acceptance of encrypted payment messages over the Internet. Payment Gateway implements a security-rich Internet payment processing system that helps build trust among customers, merchants, and financial institutions. The Payment Gateway includes support for the: Secure Electronic Transaction (SET) Version 1.0 protocol Secure Socket Layer (SSL) Version 3 protocols New SET PIN extension With the Payment Gateway, merchants and payment processors have greater flexibility with utilities that translate messages into processor-specific transaction formats recognized by payment processing systems, such as ISO-8583. The Payment Gateway programming interface supports C and C++ languages. The Gateway uses open database connection (ODBC) to provide support for DB2 Universal Database, Oracle, and Informix. This new version of the Payment Gateway adds significant new function and provides improved usability, reliability, and performance. With the Payment Gateway you can bring e-commerce technology to your enterprise with the flexibility you need and the confidence you expect from IBM. Key Prerequisites An RS/6000 workstation capable of running AIX, with 256 MB of RAM (512 MB or more recommended) AIX Version 4.2.1, or later, with the latest service upgrades applied A relational database such as DB2 Universal Database Enterprise Edition, Version 6 IBM 4758 PCI Cryptographic Coprocessor, with CCA 1.3.1 (optional, recommended for SET processing) Refer to the Hardware Requirements and Software Requirements sections for additional detail. At a Glance Payment Gateway benefits include: Enabling more-secure bank card payments through the Internet Helping ensure quality input to the card processing system by checking validity of data in the incoming merchant messages Providing its function economically on scalable hardware Planned Availability Date February 4, 2000 (Multi-lingual) This announcement is provided for your information only. For additional information, contact your IBM representative, call 800-IBM-4YOU, or visit the IBM home page at: http://www.ibm.com. IBM United States IBM is a registered trademark of International Business Machines Corporation. 200-005
Description The Payment Gateway receives encrypted messages sent by merchants over the Internet, intranets, or leased lines. Incoming messages are decrypted and, if necessary, converted to the particular message format used by the acquirer. The messages are then forwarded to the acquirer s payment processing system via the Payment Gateway s transaction router and interface services. The acquirer s response messages are converted to the merchant format, if necessary, and encrypted and forwarded to the merchants. The Payment Gateway manages certificates and certificate revocation lists if required by the security protocol. The Payment Gateway will also perform cryptographic verifications and digital signature processing if required by the protocol-defined security procedures. Because message flows and content vary among different payment systems, support for multiple protocols is needed to provide secure payment processing over the Internet. The Payment Gateway supports multiple protocols, including: SSL, a general purpose security protocol for encrypted data transmission over the Internet. SET protocol, an industry-standard transport and messaging protocol for electronic payment transactions. Support for the SET PIN extension is also included. Merchant initiated SET transactions (MIS), a SET extension that can be used by merchants to accept credit and debit card information from consumers without SET wallets. Officially awarded the SET Mark, Payment Gateway operates with any SET-compliant merchant server. The certificate management features of SET allow the Payment Gateway to ensure that only authorized parties can engage in data transmissions. The Payment Gateway encrypts and decrypts inbound and outbound payment messages between Web-based merchants and acquiring institutions, ensuring data integrity. The Gateway can support multiple acquirers and their merchants on one Gateway machine. The Gateway also provides support for capture transactions in batches or individual messages. Utilities are provided to assist in the batching of capture transactions. The Payment Gateway for AIX provides scripts for RS/6000 high-availability machines. Providing unparalleled reliability, availability, and serviceability, the Gateway includes support for hardware cryptography using the IBM 4758 adapter card and, when available later this year, the new 4758 Models 002 and 023-2. The hardware cryptography cards provide tamper-resistant storage for private cryptographic keys. The newer Models 002 and 023 are required for support of the SET PIN extension. Certified as Tivoli Ready, the Payment Gateway meets key integration standards for manageability by Tivoli software. When managed through the award-winning Tivoli Enterprise Console or Tivoli Global Enterprise Manager, the Gateway can help reduce the time it takes to diagnose problems and dramatically improve availability. Year 2000 This product is Year 2000 ready. When used in accordance with its associated documentation, it is capable of correctly processing, providing, and/or receiving date data within and between the twentieth and twenty-first centuries, provided that all products (for example, hardware, software, and firmware) used with the product properly exchange accurate date data with it. The service end date for this Year-2000-ready product is June 30, 2001. Product Positioning The Payment products are part of a comprehensive set of products that help enable more-secure commerce over the Internet. Payment products have implemented the SET Secure Electronic Transaction protocol. Payment Gateway is the product within the family that provides an intelligent router function for SET transactions and transactions received over the SSL communications link. It is used as a place to tailor messages as they are being routed so the receiving transaction system doesn t require changes. Payment Gateway is also the product a financial institution, payment processor, or payment card brand institution would use to interface their current card processing system with the Internet transactions based on the SET protocol or received over the SSL protocol. Trademarks AIX, DB2 Universal Database, and RS/6000 are registered trademarks of International Business Machines Corporation in the United States or other countries or both. Other company, product, and service names may be trademarks or service marks of others. 200-005 -2-
IBM US Announcement Supplemental Information February 1, 2000 Offering Information Product Information is available through Offering Information (OITOOL) at: http://www.ibm.com/wwoi Publications No hardcopy publications are shipped with this program. All publications are available with this program in softcopy. The publications available with the Payment Gateway include: Payment Gateway for AIX Installation Guide Payment Gateway for AIX Programmer s Guide Payment Gateway for AIX User s Guide Displayable Softcopy Publications: All publications for Payment Gateway for AIX are offered in displayable softcopy form. All unlicensed manuals are included. The displayable manuals are part of the basic machine-readable material. The files are shipped on the same CD-ROM as the basic machine-readable material. The manuals may be displayed or printed by the Adobe Acrobat Reader on any of the supported platforms. Terms and conditions for use of the machine-readable files are shipped with the files. Open Blueprint : Payment Gateway provides for the manageability of hardware and software resources. Its implementation is consistent with the systems management function described in IBM s Open Blueprint. Open Enterprise: This product is designed for the SET Secure Electronic Transaction protocol used as a method to provide more-secure, payment card transactions over the open networks. This product also complies with the SSL Version 3 protocol used as a method to provide additional security for transactions over the open networks. Technical Information Specified Operating Environment Hardware Requirements An RS/6000 workstation capable of running AIX with 256 MB of RAM (512 MB of RAM recommended) 512 MB of hard disk space (refer to the Installation Guide for more details) Space for log files and databases Optionally, the IBM 4758 PCI Cryptographic Coprocessor can be used for added security. The Coprocessor should be ordered as Model 001, with Support Program feature (#4374) and function-control vector feature (#5200 or 5201), based on country export or import regulations. Features #5200 and #5201 perform equivalent cryptography functions in support of the SET protocol. Refer to the 4758 ordering information for its requirements. This version of the Payment Gateway also supports the 4758 Model 023 and 002, which will be available later this year. Note: If this hardware encryption is used, the RS/6000 must have a PCI bus. Software Requirements AIX Version 4.2.1, or later, with the latest service upgrades applied One of the following relational databases: DB2 Universal Database Enterprise Edition Oracle 7.3.4 or 8.0 (requires ODBC driver 1 ) Informix 7.31 (requires ODBC driver 1 ) VisualAge C++ Compiler Version 3.6.4, or later If the optional IBM 4758 PCI Cryptographic Coprocessor is used, then 4758 CCA Support Program Release 1.3.1, or later, is required. More information about the crypto cards can be found at: http://www.ibm.com/security/cryptocards Optionally, IBM ADSM Version 2.1.0.4 2, or later Optionally, IBM Communications Server for AIX at the Version 3.1.2.9 level 3 Optionally, IBM AIXLink/X.25 Version 1.1.4 4 Optionally, Java Development Kit 1.1.6 5 Optionally, High Availability Cluster Multi-Processing (HACMP), Version 4.3 Optionally, Tivoli Storage Manager for AIX, Version 3.7 1 Use of Oracle or Informix requires the appropriate ODBC driver from Merant, Data Direct Connect ODBC Version 3.0.2, or later. The minimum level needed for Oracle 8 is Merant update 577945. For more information about Merant drivers, go to: http://www.merant.com 2 ADSM is used for backup and is optional. If ADSM is not used, the database must be managed by other means. 3 Needed only if the Gateway will communicate with a bank card network using the SNA protocol. 4 Needed only if the Gateway will communicate with a bank card network using the X.25 protocol. 5 Needed only if the SSL Key Management Tool will be used. This announcement is provided for your information only. For additional information, contact your IBM representative, call 800-IBM-4YOU, or visit the IBM home page at: http://www.ibm.com. IBM United States IBM is a registered trademark of International Business Machines Corporation. 200-005
Performance Considerations: Response time in an Internet environment depends on a variety of network and telecommunication factors, such as line speeds, local network constraints, and available processing capacity for Payment Gateway. Response time to the host system is dependent on the communication capacity to the host and the host s processing capacity. This version of the Payment Gateway contains several performance enhancements, which should result in an overall decrease in response time and an increase in throughput. Planning Information Customer Responsibilities: The customer must consider the installation, design, implementation, and maintenance of a Payment Gateway system. Customized user exits are required for translating and processing messages to the host system. It is recommended that IBM Business Partners or IBM Global Services be used to assist in these activities, unless a very basic implementation is planned. To implement a complete Payment Gateway system, a customer or Business Partner should have the following skills: Basic systems and network administration skills for AIX (SMIT) DB2 /6000 (or appropriate relational database) administration skills Understanding of TCP/IP protocols and the appropriate host communication protocol (SNA LU6.2, X.25, or TCP/IP) Programming skills for basic customization C and C ++ General knowledge of AIX Version 4.x threads General knowledge of the SET protocol Specific knowledge of the SET data fields General knowledge of ISO 8583 (or the appropriate host message format) Programming skills for advanced customization Relational database programming skills Communication programming skills, if using a communication protocol not in the base product Direct Customer Support: Direct customer support is provided by AIX Support Line. This fee service enhances customers productivity by providing voice and electronic access into the IBM support organization. AIX Support Line will help answer questions pertaining to usage, and suspected software defects for eligible products. Installation and technical support is provided by Global Services. For more information call 800-IBM-4YOU (426-4968). Packaging: Payment Gateway for AIX is distributed in one package with the following: IBM International Program License Agreement in a multilanguage booklet and its License Information Document Proof of Entitlement One CD-ROM One Package Introduction Letter The manuals are all included on the CD-ROM in Hypertext Markup Language (HTML) and Portable Document Format (PDF) formats. Security, Auditability, and Control Payment Gateway uses the security and auditability features of the AIX operating system. In addition, Payment Gateway uses the SET Version 1 protocol and/or SSL protocol to provide more-secure payment card transactions over open networks such as the Internet. The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities. Ordering Information Payment Gateway for AIX, Version 2.1 is a server product that has a single charge unit: machine install. The product is available as a production license or as a development and test license. The production license may serve as a development and test license, but may serve only as one or the other at any one time. The development and test license may not serve as a production license. These are available in fixed order quantities of 1. Payment Gateway is available at an upgrade price for those customers currently licensed for Payment Gateway for AIX, Version 1. Upgrades may be acquired up to the current level of use authorized for the qualifying programs. OTC 1 Medium Feature Feature Description Number Number Medium Program Number (5765-E43) Payment Gateway for AIX 0005 5819 CD-ROM Controlled Version Payment Gateway for AIX 0005 5829 CD-ROM Standard Version Payment Gateway for AIX 0003 5809 CD-ROM Controlled Development Version 1 Install on one machine Payment Gateway for AIX 0003 5839 CD-ROM Standard Development Version 1 Install on one machine 1 One-time charge Upgrades OTC Medium Feature Feature Description Number Number Medium Program Number (5765-E43) Upgrade from Payment 0006 5819 CD-ROM Version 2, Controlled Version 1 Install on one machine Upgrade from Payment 0006 5829 CD-ROM Version 2, Standard Version 1 Install on one machine 200-005 -2-
OTC Medium Feature Feature Description Number Number Medium Upgrade from Payment 0004 5809 CD-ROM Version 2, Controlled Development Version Upgrade from Payment 0004 5839 CD-ROM Version 2, Standard Development Version Customization Options: Select the appropriate feature numbers to customize your order with delivery options desired. These features can be specified on the initial or MES orders. Description Initial Shipments Feature Number Serial Number Only (suppresses shipment 3444 of media and documentation) Ship Media Only (suppresses initial 3470 shipment of documentation) Update Shipments Ship Media Updates Only (suppresses 3480 update shipment of documentation) Suppress Updates (suppresses update 3482 shipment of media and documentation) Expedite Shipments Local IBM Office Expedite 3445 (for IBM use only) Customer Expedite Process Charge 3446 ($30 charge for each product) Expedite shipments will be processed to receive 72-hour delivery from the time IBM Software Delivery and Fulfillment (SDF) receives the order. SDF will then ship the order via overnight air transportation. Terms and Conditions Licensing: IBM International Program License Agreement. Proofs of Entitlement (PoE) are required for all authorized use. Limited Warranty Applies: Yes Program Services: Available until June 30, 2001 Money-Back Guarantee: Two-month, money-back guarantee Copy and Use on Home/Portable Computer: No Volume Orders (IVO): Yes, contact your IBM representative. Passport Advantage Applies: No Passport Advantage Subscription Applies: No Usage Restriction: Yes Payment Gateway for AIX Production may be installed on multiple processors, on the same machine. It is limited to usage for production or for development and test, but not on different machines for different purposes at the same time. Payment Gateway for AIX Development and Test may be installed on multiple processors, on the same machine. It is limited to usage as a development and test machine and may not be used for production. Support Line: Yes AIX/UNIX Upgrade Protection Applies: No Entitled Upgrade for Current AIX/UNIX Upgrade Protection Licensees: No AS/400 Software Subscription Applies: No Variable Charges Apply: No Charges OTC Feature Description Number OTC Payment Gateway for AIX, Version 2.1 (5765-E43) Payment Gateway Base Version 0005 $250,000 (Standard or Controlled) Payment Gateway Development 0003 125,000 Version (Standard or Controlled) Upgrades OTC Feature Description Number OTC Payment Gateway for AIX, Version 2.1 (5765-E43) Upgrade from Payment 0006 $95,000 Version 2 Base Package (Standard or Controlled) Upgrade from Payment 0004 50,000 Version 2 Development Version (Standard or Controlled) Contact your sales channel for Support Line pricing information. Customer Financing: IBM Global Financing offers attractive financing to credit-qualified commercial and government customers and Business Partners in more than 40 countries around the world. IBM Global Financing is provided by the IBM Credit Corporation in the United States. Offerings, rates, terms, and availability may vary by country. Contact your local IBM Global Financing organization. Country organizations are listed on the Web at: http://www.financing.ibm.com -3-200-005
Trademarks AIX, Open Blueprint, RS/6000, DB2 Universal Database, DB2, VisualAge, and AS/400 are registered trademarks of International Business Machines Corporation in the United States or other countries or both. Java is a trademark of Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries exclusively through X/Open Company Limited. Other company, product, and service names may be trademarks or service marks of others. Year 2000 Readiness Disclosure Statements made in this announcement regarding Year 2000 are Year 2000 Readiness Disclosures under the Year 2000 Information and Readiness Disclosure Act of 1998, a U.S. statute enacted on October 19, 1998. 200-005 -4-