Handling 2FA URLs behind a Restricted Network


I have an application which uses a Payment Gateway from a local bank (Bank A). The application is behind a restricted network (it wasn't until the WannaCry ransomware hit).

In this case, the network has only allowed requests for the Bank A domain, which is the only third-party domain my application accesses. The problem comes when I try to use a VISA or MASTERCARD credit/debit card issued by a Bank C with 2FA enabled. These cards are redirected to another page where 2FA is handled, and these redirections mean that the domain is changed and eventually blocked by the network (firewall or proxy or both, or something else I don't have much of an idea about).

Now, my client's network guy asks me for the domain URLs so he could grant access to these resources. But I explained to him that I have no control over this and neither does my application, and I don't have a list of the domains which banks use for their 2FA verifications. I instructed them to contact their payment gateway bank, which is Bank A. They replied to me saying they contacted them, and they do have a URL bundle, but the bank cannot give it out.

So how should the network guys handle this? Can they handle this from their end, or is it something the Payment Gateway bank must do? How do other Payment Gateways work in a scenario like this?

PS: I don't have much of a networking background, sorry in advance if this sounds like a stupid question.

Edit 1: Describing Important Entities

  1. Banks - who provide the Payment Gateways (Bank A) and transaction-related services like 2FA (Bank C).
  2. Merchant - who buys the Payment Gateway services from the Bank (Bank A). Also my customer, for whom I develop the application.
  3. End User - uses the application, which runs on Kiosk Machines, to make payments for the merchant's services.
  4. Network - maintained by the merchant (their private LAN).

Basically Bank A has an API for developers to use. The API is registered to a public domain, so it is accessible by anyone with proper credentials. The Kiosk machine is the user input terminal, which will be used to make payments to the merchant (just like another counter). When a user initiates a payment process, we send the relevant information regarding the payment to the payment gateway, which in return checks the validity of the information and prompts the user with a credit/debit card information form. At this point, if the user's card is issued by another bank which is 2FA enabled, the network blocks its redirection to the 2FA verification page since it is from another domain. If the card is from the same bank, there is no problem. The transaction will complete, and all of the merchant's systems will get updated about this successful transaction.

In short, the merchant and user are inside the LAN, and all the services are handled internally within their systems. However, when an online payment occurs, the need to access an outside entity arises (Bank A + Bank B). The Bank A domain has clearance on the network.

k9yosh

Posted 2017-09-21T06:45:57.250

Reputation: 173

Hi k9osh, I am finding it hard to see where Bank A is, where Bank C is, and where the user is, in relation to the network filter. Can you [edit] and describe this? – Paul – 2017-09-25T06:04:24.057

@Paul thanks Paul for helping me with this. I have edited the question. I'm not sure whether this is exactly what you asked for. But if you do have any doubts please tell me, I'll reply as soon as I see them. – k9yosh – 2017-09-25T10:22:55.727

I am not sure how you can solve this without the participation of the network team that runs the filter. From your description, the knowledge isn't available to you or them. So really your only option is to test the authentication services of various providers, have them fail, and have the network guys monitor the filter and see what is blocked. – Paul – 2017-09-27T06:45:49.060

@Paul Sorry for the late reply. Idk how I missed your reply. Anyway, I think you are right. They still haven't solved this and we have disabled this functionality as per their request. It's a hospital network, and after the WannaCry ransomware attack, their network policies have been toughened. So even the management is unable to reason out a solution with their IT department. Thanks for the help! – k9yosh – 2018-01-24T08:20:35.423

No answers
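The approach suggested in the comments (run test transactions, let them fail, and see what the filter denied) can be turned into a small triage step for the network team. The following is an added example, not code from the poster or from any bank; it assumes a Squid-style proxy access log (the log lines below are constructed) and that the already-permitted gateway hostname is known.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in a Squid-style access log format (assumed; not from the question).
# Hostnames are placeholders for the gateway bank and the issuing banks' 2FA pages.
SAMPLE_LOG = """\
1506000001.123    0 10.20.30.41 TCP_DENIED/403 3456 CONNECT acs.issuer-bank-c.example:443 - HIER_NONE/- text/html
1506000002.456  210 10.20.30.41 TCP_TUNNEL/200 8192 CONNECT gateway.bank-a.example:443 - HIER_DIRECT/203.0.113.10 -
1506000003.789    0 10.20.30.41 TCP_DENIED/403 3456 CONNECT acs.issuer-bank-c.example:443 - HIER_NONE/- text/html
1506000004.012    0 10.20.30.42 TCP_DENIED/403 3456 GET http://3ds.cardnetwork.example/auth?tx=1 - HIER_NONE/- text/html
"""

# Destinations already allowed by the filter; in the question this is the Bank A gateway domain.
ALLOWED_HOSTS = {"gateway.bank-a.example"}

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<result>\S+)\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def host_of(method, url):
    """CONNECT lines carry host:port; other methods carry a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def blocked_destinations(log_text, allowed=ALLOWED_HOSTS):
    """Map each denied, not-yet-allowed destination host to its hit count,
    first-seen timestamp and the set of kiosk clients that tried to reach it."""
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "DENIED" not in m["result"]:
            continue
        host = host_of(m["method"], m["url"])
        if not host or host in allowed:
            continue
        entry = out.setdefault(host, {"count": 0, "first_seen": m["ts"], "clients": set()})
        entry["count"] += 1
        entry["clients"].add(m["client"])
    return out

def allowlist_candidates(log_text, min_hits=1):
    """Sorted hosts the network team should review after a round of test payments."""
    return sorted(h for h, e in blocked_destinations(log_text).items() if e["count"] >= min_hits)

if __name__ == "__main__":
    for host, e in blocked_destinations(SAMPLE_LOG).items():
        print(f"{host}: {e['count']} denied, first seen {e['first_seen']}, clients {sorted(e['clients'])}")
```

Each candidate still needs a human check against the card scheme's documentation before it is allowed, since a denied destination is only evidence that a test transaction tried to reach it.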