Connected Services Framework
Connected Services Framework 3.0 - Billing Standard Business Event Send comments on this topic.
Billing Standard Business Event Security

Billing scenarios that are enabled by the BillingSBE usually involve the exchange of sensitive and confidential information. The BillingSBE provides features that you can use to help protect this information and you can take additional precautions to protect the components and data of the BillingSBE from malicious attack. For example, you can ensure that user accounts and groups are not over-privileged, that only trusted accounts have access to important files (such as configuration files), and that access to the BillingSBE database is carefully managed.

The messages exchanged between the various services involved in billing scenarios usually contain highly sensitive information in the message payload, such as customer account information, as well as sensitive information in the message header, such as credentials that are used to access VAS systems and your billing systems. The Billing Standard Business Event (BillingSBE) provides several security mechanisms that you can use to help protect this sensitive information. The BillingSBE uses WSE policy to provide authentication and data protection for both incoming and outgoing messages. After a message is authenticated, the BillingSBE provides an extra level of access protection on incoming messages by authorizing the account that is associated with the message against an appropriate Active Directory security group. Finally, the BillingSBE uses the Windows Cryptography APIs and 128bit encryption to protect message data that is stored in the BillingSBE database, which helps to prevent database administrators from accessing sensitive customer information.