We have received an email from Paymentus regarding a change to their security settings. Do we need to take any action? Will this impact CSS?
- Paymentus
- CSS
- Citizen Self Service
Paymentus is a supported payment gateway for Munis Citizen Self Service. Paymentus is locking down the ability for their pages to be embedded into an iframe, which allows a webpage to be embedded into another webpage. This functionality can be exploited by unethical websites to obscure malicious content.
This change by Paymentus will not impact standard deployments of Munis Citizen Self Service (CSS). This change only impacts websites hosted within an iframe, which would be a custom setup. Tyler does not configure CSS to be hosted within an iframe, so any customizations would be the responsibility of the client to support.
The following is the notification Paymentus has emailed to clients regarding this change:
Dear Valued Client,
In an effort to maintain our security position, we would like to inform you of an upcoming change to how you connect to the Paymentus application in our UAT environment. This change will go into effect for UAT at 6 p.m. ET on Tuesday, August 23, 2022 and only impacts clients using an iframe. After the change is made, you will not be able to connect to our application via iframe unless your UAT parent URL is whitelisted on the Paymentus side. A parent URL is a website that is used to display or embed the Paymentus iframe. Additionally, this change will go in effect for our production environment at 6 p.m. ET on Thursday, September 22, 2022.
We recommend sharing this information with your IT Team to ensure continued connectivity to our UAT and production environments.
What action needs to be taken?
If you are using iframe, you will need to provide your UAT and production parent URLs and domains to Paymentus, so they can be whitelisted by our team no later than Tuesday, August 16, 2022, in order to maintain connectivity to the Paymentus environments. If you have not previously requested whitelisting for your domains, please submit the information to your Account Manager directly, using the following form:
- Client Name:
- UAT parent URL/domain:
- UAT Paymentus iframe URL:
- PROD parent URL/domain:
- PROD Paymentus iframe URL:
If multiple domains are used in the parent URLs please ensure to specify all the domains that invoke Paymentus applications in an iframe.
Please note that all clients using our application via iframe must include “iframe=true” in the iframe source https URL to ensure the page is served appropriately.
If you have any questions, please reach out to your dedicated Account Manager or contact our Customer Service team at 800-420-1663 or customercare@paymentus.com. Our Customer Care associates are available to assist you Monday through Friday, 8 a.m. to 10 p.m. EST and Saturday and Sunday, 8 a.m. to 5 p.m. EST.
Thank you for your continued partnership with Paymentus.
0 Comments