What's new

IBM® Safer Payments 6.7.0.00 includes new features and enhancements.

Release highlights

  • Improved the workflow for model simulations. Now, the user interface provides better guidance as you accomplish your organization's simulation goals. The ability to run model simulations, analysis, rule generation, and random forest generation in parallel was removed. Therefore, common misconfigurations can now be avoided.

    Now, model simulation always runs as part of a simulation scenario (analysis, rule generation, and random forest generation). To start a different simulation scenario, the scenario that is running must be stopped.

    The logic that determines which elements to simulate was improved. Now, simulation is more conservative and includes only what is needed given the selected attribute settings and simulation scenario settings. Depending on your use case, simulations might run faster and use less resources.

    When an analysis is run, individual rules can now be analyzed instead of whole rulesets. The special workflow for single rule analysis from previous versions was removed. The Model > [revision] > Scoring engine > All rules > [rule] > Start rule analysis icon remains in place. It now redirects you to the regular workflow with some settings that are set to default values.

    To start any simulation scenario, use the new menu item Model > [revision] > Model factory > Simulation. When a simulation is ongoing, use the page to check the status. The page also contains links to simulation results after they are available.

    To configure modeling attribute settings, use the new menu item Model > [revision] > Model factory > Modeling attribute settings. The settings are unchanged but it is now possible to have multiple modeling attribute settings within one model revision. Therefore, you can have different settings for different users or simulation scenarios.

    For more information, see the online help.

  • Introduced the URID namespaces feature. URID namespaces allow administrators to reduce the memory and storage usage of transaction records for individual mandators without storing less data. Added the new menu item, Administration > System > URID namespaces. Added the new global privilege URID namespaces administration. For more information about the feature and how to configure it, see the online help.
  • Asynchronous implementation of the FastLink Interface (FLI) is now available. It is optimized for fast FLI data exchange betweenIBM Safer Payments instances on networks with latencies. It is an alternative to the FLI implementation that is available in previous releases. From a functional point of view, the behavior of the two FLI implementations does not differ. If you experience no latency-related performance problems, you can continue to use the FLI implementation from previous releases.
  • Added a feature that helps to reduce risk if an attacker obtains access to a memory dump. On Model > [revision] > Data model > Inputs, Protection can now be set to the new value, Memory and disk encryption. It is available only for hexadecimal attributes. When an attribute is encrypted in memory, the values that are stored in memory in the MDC are also encrypted. The values are only decrypted when necessary, for example, when data is passed in and out of the system. Also, the memory that is used to store the decrypted memory is securely cleaned after it is no longer used.

Enhancements

  • IBM Safer Payments is now packaged with RPM Package Manager (RPM) rather than InstallAnywhere. The installation procedure for major releases and fix packs has changed. The system can still be installed in a custom directory, as was possible with InstallAnywhere. All configurations are now included within the RPM installation package and are installable. Based on your organization's needs, you can choose which configuration to install. The RPM installation packages are signed by using the same method that was employed by InstallAnywhere. Therefore, the software distribution process remains secure and trustworthy.
  • Now, all traffic that goes over the Status Control Interface (SCI) can be encrypted by using Transport Layer Security (TLS). To enable the feature, select the new Use SSL encryption checkbox for each instance. It is located on Cluster > Cluster settings > Interfaces > Status Control.
  • Added support for integrity monitoring to be compliant with the PCI Secure Software Standard. Integrity monitoring verifies that critical files and configurations have not been changed without permission.

    To validate the integrity of the binary, IBM Safer Payments now runs a self-check during startup. It uses the digital signature that is shipped with the package. If the integrity verification fails, the application does not start and a log message is written. The integrity verification can fail, for example, if the application's binary or digital signature is corrupted or has been changed. IBM Safer Payments only verifies the integrity of the binary file.

    To comply with the standard, you must also implement a third-party monitoring tool like Open Source Security (OSSEC). The tool helps validate integrity, protect cryptographic primitives, secure sensitive data, and ensure dataset integrity during updates. Use the tool to validate the integrity of files other than the binary, for example, configuration files.

    For more information, see the IBM Safer Payments Implementation Guide.

  • Changed the key generation and activation process to comply with the PCI Secure Software Standard. Now, OpenSSL’s random number generator is used to create strong cryptographic data encryption keys. The encryption of master keys was also changed. Now, PBKDF2 derives the master key encryption key from two user passphrases. AES-GCM is used to ensure authenticity of encryption keys.
  • Disable UI Downloads can now be set per user. It controls whether the Download table contents as a CSV file icon is displayed to a user. Since it is now set per user, it does not affect other users even if they belong to the same user group. It is now located on Administration > User management > Accounts > [user account] > Global privileges. You can define its default setting for new users on Administration > System > Configuration > Interfaces > New User Account Defaults. Previously, it applied to all users and was located on Administration > System > Configuration > Interfaces > Application Programming Interface
  • On Model > [revision] > Scoring engine > All rules, you can now use Move rules to copy rules between rulesets without restrictions that are based on the rulesets' conditions.
  • On Report > Report > Investigation, relative time intervals are now supported in data selection. The feature is available for all investigation reports except for transaction messages. To define relative time intervals, set from and to input parameters. The parameters can be decimal values, where each 1.0 unit corresponds to a full 24-hour duration. When a report with relative time selection is run, time is initialized from the current time backwards. If it is run from Administration > Jobs > Settings, time is initialized from the next midnight backwards. After the upgrade, existing report results are the same as before. The upgrade automatically changes them to have an absolute time interval.
  • Now, you can control whether leading and trailing white spaces are trimmed in JSON messages. Use the new setting Administration > System > Configuration > Modeling > Trim whitespaces before computation. The default is enabled. Previously, white spaces were always trimmed