SuiteTalk (Web Services) Platform Guide - NetSuite

Web Services SecurityEncryption82Encryption• Sessions managed through a SuiteCloud Plus license. These users require multipleJSESSIONIDs to continue their multi-threaded access through the SuiteTalk APIs.• Users who have logged in with a different account or role than the initial (existing)session. In this case, as expected, the first session becomes invalid, and a new session iscreated. Note, however, if a role is not provided during a second login, and a sessionalready exists, users will assume the role of their initial session, regardless of theirsettings (for example, UIdefault, WSdefault, or last role used).Web services communications are not viewable by a third party as they travel on the Internet.Encryption is implemented using 128-bit encryption with HTTPS/SSL at the transport level.No non-secure Web service requests are granted.PCI Compliance Password RequirementsWhen using NetSuite’s Credit Card Payments feature, be aware of the Payment Card Industry(PCI) Data Security Standard password requirements. Anyone using the following roles or anycustom role with the View Unencrypted Credit Cards permission must change his or herNetSuite password at least every ninety (90) days:• Administrator• Accountant• Bookkeeper• Controller• A/R ClerkIf the number of days set in the Password Expiration in Days field on the General Preferencespage is less than ninety days, that requirement remains in effect. For example, if your companyis set to expire passwords every sixty days, your password expiration date does not change.However, if your company is set to expire passwords every 120 days, this setting automaticallychanges to 90 days for employees using these roles.In addition, passwords for those with access to unencrypted credit card numbers must have aminimum of seven (7) characters. If the number of characters set in the Minimum PasswordLength field on the General Preferences field is greater, that requirement also remains in effect.All employees using roles with access to unencrypted credit card numbers will be asked tochange passwords to meet the PCI compliance requirements.Working with Custom Field SecurityCustom field security can be applied on a per-field basis. If field security has been applied to afield in the UI, the custom field schema will include the field level security metadata. As aresult, users should be aware that the permissions they specify on custom fields will apply toSuiteTalk Platform Guide