NCR Secure Pay moving to use AWS (Amazon Web Services) *Updated 1/24/18*


Secure Pay Moving to AWS - Action Required

NCR Secure Pay has moved the production service to use AWS, effective 10/16/2018.  

The IP addresses for our public DNS names have changed, but the host names themselves will remain the same –  and

AWS provides a pool of public IP addresses that may be assigned to our servers. The full list can be found below and should be used for firewall rules and whitelisting purposes where needed. The list may seem long, but we do not have control over the public IPs assigned by AWS. For those who would like more information on AWS’s public IPs, visit 

Now that we have made the move to AWS, merchants need to have their systems already configured for the new AWS IP ranges to ensure uninterrupted processing through Secure Pay.


AWS IP Ranges:


Note: This range of IP addresses does use CIDR notation ("/n") on the addresses to include the full range of IP addresses. If your router does not allow CIDR notation to be entered with the IP address a firmware update or new hardware that will allow this may be necessary


Support Notes:

  • Refer to the Counterpoint.log on the station with the failed connection error, to determine the IP that is currently being assigned by AWS for a each affected merchants’ NSP communications, ensure that IP is opened on the firewall, if they must be configured by IP (and cannot be configured by URL/DNS names). NOTE: This IP could change in the future at any time.   

    If this has not been done, error that is returned in Counterpoint is: Error: Connection Timeout. 

    To help identify the current IP addresses being used, in a cmd prompt type: nslookup to get the current IPs. Note this can change at any time without warning, It is recommended that the full list of IPs / Blocks listed above be opened to avoid payment disruptions in the even this IP changes in the future. 


  • For a complete list of IPs to ensure, in the event the IP does change, and to know what range of IPs need to be opened on the firewall, refer to: and enter the above IP/Blocks from the list above.  

    The entire list of ranges was sent out in the original announcement of the move (also noted above).  There may have been some confusion on how the ranges were listed.  For example means that there are 14 bits of variance to that IP address. covers all IP addresses between through  This means that all IPs in that range would need to be listed individually, if you are not able to specify a range.