Heartland API Key
Service Name: Heartland Payment Systems
Service Description: Heartland Payment Systems is a payment processing company that provides merchants with the ability to accept credit, debit, and prepaid card transactions, as well as payroll services, point-of-sale solutions, and other merchant services.
Service Address: https://www.heartlandpaymentsystems.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through the Heartland Developer Portal for API access.
Secret Access Scope: Grants access to payment processing APIs, transaction management, customer data, and payment gateway functionality.
Secret Revokement URL: https://developer.heartlandpaymentsystems.com/Account/KeyManagement
Secret Example: skapi_cert_MTyMAQBiHVEAewvIzXVFcmUd2UcyBge_eCpaASUp0A
Suspicious Activity Investigation Instructions:
- Review transaction logs in the Heartland Merchant Portal for unauthorized transactions.
- Check API access logs for unusual patterns or access from unexpected locations.
- Monitor for unexpected refunds, voids, or high-value transactions.
- Look for changes in transaction volume or frequency that deviate from normal patterns.
- Verify if any new payment terminals or integration points have been added without authorization.
Mitigation Instructions:
- Log in to the Heartland Developer Portal.
- Navigate to Account > API Keys Management.
- Locate the compromised API key and click "Revoke" or "Delete".
- Generate a new API key if needed.
- Update all legitimate applications with the new API key.
- Review and update IP restrictions for API access.
- Enable additional security features like velocity controls and fraud monitoring.
- Contact Heartland Payment Systems support at 1-888-963-3600 to report the compromise.