Electronic commerce transactions between an online merchant and its customers frequently involve the online merchant interacting with one or more third-party payment processors. For example, an online merchant might utilize one or more third-party payment processors to obtain a payment approval or guarantee for a customer purchase made using a credit card or another type of payment transaction.
In some installations, server computers utilized by an online merchant are compartmentalized into groups, which might be referred to herein as “zones.” For example, a high security zone might be created in a data center that includes server computers configured to perform tasks that require a very high level of security and trust. The server computers in such a high security zone might maintain credit card information or other types of high security data and perform payment-processing services, for instance. High security zones are commonly secured both physically, through the use of physical access control mechanisms configured to restrict access to the high security zone to a typically limited number of authorized personnel, and electronically, through the use of devices designed to monitor and control incoming and outgoing network traffic.
In some installations, one or more low security zones might also be utilized within a data center that do not include all of the physical and network access control mechanisms used in high security zones. For instance, an organization might maintain a high security zone that is restricted to a very small number of authorized employees and one or more low security zones that include server computers that are accessible to a larger group of employees.
In order to interact with third-party payment processors such as those described above, it is commonly necessary for program code that is specific to a particular third-party payment processor to access high security data, such as customer credit card numbers. However, due to restrictions imposed on computer systems in high security zones and, potentially, due to the limited number of personnel that typically have access to high security zones, it can be difficult to deploy and maintain payment processor specific program code on server computers located in high security zones. Consequently, it can be difficult for merchants to integrate with a large number of third-party payment processors in an efficient and highly secure fashion.
The disclosure made herein is presented with respect to these and other considerations.