Provide advanced security and authorization mechanisms for mobile payments Mobility is changing the face of the payments ecosystem and predictions expect transaction volumes to increase tenfold by 2016. The API infrastructure supporting mobile payment products must incorporate advanced data integrity, security and scalability features to ensure the successful growth of the ecosystem. Layer 7 offers a range of features to enable a high-capacity payment platform and supports all the technical and regulatory requirements that accompany this. Using Layer 7’s PCI-DSS-compliant technology, service providers can ensure all payment transactions are appropriately secured and encrypted, with additional controls in place to guarantee transactional integrity.

1. Copyright © 2013 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Securing Payment APIs Using Layer 7
Provide Advanced Security & Authorization Mechanisms for Mobile Payments
Mobility is changing the face of the
payments ecosystem and predictions
expect transaction volumes to increase
tenfold by 2016. The API infrastructure
supporting mobile payment products
must incorporate advanced data
integrity, security and scalability
features to ensure the successful
growth of the ecosystem.
Learn More About Layer 7’s Mobile
Payments Solution
 Phone
+1‐800‐681‐9377
(toll free within North America)
or +1‐604‐681‐9377
 Email
info@layer7.com
 Web
www.layer7.com
 Facebook
www.facebook.com/layer7
 Twitter
@layer7
A look at the Mobile Payments Ecosystem
With many new payment products coming to market and a variety of
new technologies available, the mobile payment ecosystem was valued
at approximately $170B in 2012. This was divided among well‐
established payment networks such as PayPal, closed‐loop services from
Starbucks, digital wallet services from Visa (V.me) and NFC‐enabled
mobile wallets like Isis. Despite the clear differences between these –
and many more – products, each must ensure that every financial
transaction is completed reliably and securely. This means having a
scalable API architecture through which payments are processed.
Using Layer 7 as a Secure Payments API Platform
The Layer 7 API Management Suite offers a range of key features to
enable a high‐capacity payment platform and supports all the technical
and regulatory requirements that accompany this. Using the PCI‐DSS‐
compliant Layer 7 API Gateway technology, service providers can ensure
all payment transactions are appropriately secured and – when
necessary – encrypted, with additional data validation and verification
controls in place to guarantee transactional integrity.
Benefits
Layer 7’s enterprise‐grade solution has been proven across several tier‐
one payment networks and financial institutions, helping to deliver
scalable API infrastructure for a variety of payment products. The key
benefits include:
1. PCI‐DSS compliance for data security and end‐to‐end
transport encryption
2. Advanced OAuth tools to enable context‐based authorization
and broker cloud‐based payment credentials
3. Data validation and verification to ensure transactional integrity

2. Copyright © 2013 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Key Features
Traffic Management
CoS Routing  Prioritize traffic based on class of service/quality of service preferences
Service Availability
Management
 Manage routing to backend services, based on availability, latency or performance
Reporting & Auditing
 Generate configurable, out‐of‐the‐box reports to get insight into platform operations and
service‐level performance and to support non‐repudiation
Threat Protection
Filter XML & REST/JSON
Content for Mobile & Web
 Validate and filter HTTP headers, parameters and form data
 Identify and suppress leakage of sensitive information (e.g. credit card numbers)
 Support REST, AJAX, XML, SOAP, POX and other XML‐based services
Protect Transactional
Integrity
 Protect against identity spoofing and session hijacking, cluster wide
 Assure integrity of communication, end to end
Prevent XML/JSON Attack
& Intrusion
 Protect against: XML parsing; XDoS and OS attacks; SQL and malicious scripting language
injection attacks; external entity attacks
 Protect against XML content tampering and viruses in SOAP attachments
Regulatory Compliance
PCI‐DSS
 PCI‐DSS installation and configuration guide makes it possible to configure and deploy the
API Management Suite as part of a PCI‐compliant process
Identity & Security
Secure OAuth
Implementation
 Supports OAuth 1.0a, OAuth WRAP and OAuth 2.0
 Provides sample two‐ and three‐legged OAuth implementations that can be configured
to your needs
Encryption
 Support for TLS/SSL encryption over the wire
 Support for a variety of cryptographic algorithms, including HMAC, RSA and SHA
Form Factors
Hardware  Active‐active clusterable, mirrored hot‐swappable drives, multi‐core 1U server
Software  Solaris 10 for x86 and Niagara, SUSE Linux, Red Hat Linux 4.0/5.0
Virtual & Cloud  VMware/ESX (VMware Ready Certified)
To learn more about Layer 7, call us today at +1‐800‐681‐9377 (toll free within North America) or +1‐604‐681‐9377.
You can also: email us at info@layer7.com; friend us on Facebook at facebook.com/layer7; visit us at layer7.com;
follow us on Twitter (@layer7).