Other Data Security Measures
Both TIBCO Reward and its Clients must adhere to industry standard
Information Security policies. TIBCO Reward complies with Payment Card Industry
(PCI) data security standards and is certified as compliant with Visa
Cardholder Information Security Principles (CISP). Among other stringent data
security requirements, these guidelines require passwords to be transmitted
verbally or via secure, encrypted email with precautions taken to eliminate
copies of the email being saved.
Passwords must not be transmitted in writing or non-secure email.
TIBCO Reward
takes extreme measures in providing a highly secure
environment for merchant transaction data and applications. Our
data-transmission security capabilities meet PCI and CISP requirement
standards.
Encryption
All communication with the TIBCO Reward interfaces must be over, at
minimum, 128-bit SSL connection. The certificates used by the client must be
current and signed by an accepted certificate provider. Connections that do not
meet these standards will not be accepted.
Authentication
The authentication of connections is done using HTTP-Auth.
Username/password must be sent with every request. Any unauthenticated
connections will be rejected.