Wiki source code of Information security
| author | version | line-number | content |
|---|---|---|---|
| 1 | (% class="lead" %) | ||
| 2 | Information security of the Loymax System includes a number of tools and methods for secure data handling. | ||
| 3 | |||
| 4 | (% class="box warningmessage" %) | ||
| 5 | ((( | ||
| 6 | Information provided in this section is for guidance only. To ensure protection of your customer data and operations, it is recommended to utilize ALL the security measures listed in this section. Otherwise, Loymax is not responsible for any possible information leakage. | ||
| 7 | ))) | ||
| 8 | |||
| 9 | All of these measures are intended to protect the personal data of customers and users of the System and to ensure secure data exchange between the server and end users without data loss or interception. Each person involved in the process is granted access to the specific data they are allowed to get and is prevented from obtaining any data they should not have. Only precise and reliable information about customers, purchases, and other transactions is stored in the System. | ||
| 10 | |||
| 11 | == Data protection at the start == | ||
| 12 | |||
| 13 | Before launching the Loyalty Program (LP) and issuing cards, it is recommended to configure the following settings, which will help protect you and your customers against leaks of confidential information: | ||
| 14 | |||
| 15 | (% style="width:auto" %) | ||
| 16 | |(% style="border-color:white; width:451px" %)((( | ||
| 17 | ((( | ||
| 18 | (% class="box infomessage" id="HUseacomplexalgorithmtogeneratecard2Fcouponnumbers" %) | ||
| 19 | ((( | ||
| 20 | **Use a complex algorithm to generate card/coupon numbers** | ||
| 21 | ))) | ||
| 22 | ))) | ||
| 23 | )))|(% style="border-color:white; width:1039px" %)Each card number must be unique and consist of 15-16 digits formed by a special algorithm. Read our [[recommendations on generation of card number templates>>doc:Main.Using.MMP.Admin_panel.Cards_issue.Card_issue_recommendations.WebHome]]. The Loymax system, in turn, ensures that cards are issued upon registration in such a way that one card can belong to only one customer. | ||
| 24 | |(% style="border-color:white; width:451px" %)((( | ||
| 25 | ((( | ||
| 26 | (% class="box infomessage" id="HSetcriticallimits" %) | ||
| 27 | ((( | ||
| 28 | **Configure the most important limits** | ||
| 29 | ))) | ||
| 30 | ))) | ||
| 31 | )))|(% style="border-color:white; width:1039px" %)((( | ||
| 32 | We have highlighted several limits that we [[recommend configuring first>>doc:Main.Using.MMP.Admin_panel.Limits.WebHome]]. This will help to prevent misuse by point-of-sale (POS) employees and customers, fraudulent actions with the data of LP Members, and the associated potential financial losses. | ||
| 33 | ))) | ||
| 34 | |(% style="border-color:white; width:451px" %)((( | ||
| 35 | ((( | ||
| 36 | (% class="box infomessage" id="HConfigurecaptchainPersonalAccountonthewebsite" %) | ||
| 37 | ((( | ||
| 38 | **Set up captcha in the Personal Account on the website** | ||
| 39 | ))) | ||
| 40 | ))) | ||
| 41 | )))|(% style="border-color:white; width:1039px" %)((( | ||
| 42 | To strengthen protection against hacking, customer authorization in the Personal Account on the website can be protected by the [[invisible captcha>>path:/xwiki/bin/view/Main/Installation_and_configuration/Personal_account_configuration/Invisible_captcha/]], which analyzes user behavior and presents additional verification tasks if any suspicious actions are detected. | ||
| 43 | ))) | ||
| 44 | |||
| 45 | == Additional ways to protect information == | ||
| 46 | |||
| 47 | (% style="width:80%" %) | ||
| 48 | |(% style="border-color:white; width:48%" %)(% class="box" %) | ||
| 49 | ((( | ||
| 50 | == [[Authorization protection>>doc:Main.General_information.Information_security.Authorization_protection.WebHome]] == | ||
| 51 | |||
| 52 | * OAuth authorization | ||
| 53 | * Single access point to the System | ||
| 54 | * Allocation of access rights | ||
| 55 | )))|(% style="border-color:white" %)((( | ||
| 56 | (% class="box" %) | ||
| 57 | ((( | ||
| 58 | == [[Protection of processing against external attacks>>doc:Main.General_information.Information_security.External_attacks_protection.WebHome]] == | ||
| 59 | |||
| 60 | * Using captcha | ||
| 61 | * Access limits | ||
| 62 | * Protection against DDoS attacks and hacking | ||
| 63 | ))) | ||
| 64 | ))) | ||
| 65 | |(% style="border-color:white" %)(% class="box" %) | ||
| 66 | ((( | ||
| 67 | == [[Server data protection>>doc:.Server_data_protection.WebHome]] == | ||
| 68 | |||
| 69 | * Operations logging | ||
| 70 | * Data backup | ||
| 71 | * Protection against unauthorized access and copying | ||
| 72 | * Regular data cleanup | ||
| 73 | )))|(% style="border-color:white" %)(% class="box" %) | ||
| 74 | ((( | ||
| 75 | == [[Compliance with legislation>>doc:Main.General_information.Information_security.Enforcement_of_legislation.WebHome]] == | ||
| 76 | |||
| 77 | * Age limit for registration in the Loyalty Program | ||
| 78 | * Age policy | ||
| 79 | * Public offer and processing of personal data | ||
| 80 | * Minimum Retail Price (MRP) limits | ||
| 81 | * Verification of phone numbers | ||
| 82 | ))) | ||
| 83 | |(% style="border-color:white" %)((( | ||
| 84 | (% class="box" %) | ||
| 85 | ((( | ||
| 86 | == [[Operations safety>>doc:.Safe_operations.WebHome]] == | ||
| 87 | |||
| 88 | * Two-phase operations | ||
| 89 | * Limits for operations with bonus accounts | ||
| 90 | * Confirmation for bonus points deductions | ||
| 91 | * Card blocking | ||
| 92 | ))) | ||
| 93 | )))|(% style="border-color:white" %)(% class="box" %) | ||
| 94 | ((( | ||
| 95 | == [[Protection of data transmission>>doc:Main.General_information.Information_security.Protection_of_data_transmission.WebHome]] == | ||
| 96 | |||
| 97 | * Encrypted data transmission channel | ||
| 98 | * Digital signature | ||
| 99 | * Card number masking | ||
| 100 | * Impersonal error wordings | ||
| 101 | * Backup communication channels | ||
| 102 | ))) |