Wiki source code of Information security
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | (% class="lead" %) | ||
| 2 | Information security of the Loymax System includes a number of tools and methods for secure data handling. | ||
| 3 | |||
| 4 | (% class="box warningmessage" %) | ||
| 5 | ((( | ||
| 6 | The information provided in this section is for guidance only. To ensure protection of your customer data and operations, it is recommended to utilize ALL the security measures listed in this section. Otherwise, Loymax is not responsible for any possible information leakage. | ||
| 7 | ))) | ||
| 8 | |||
| 9 | All mentioned means are aimed at protection of personal data of customers and users of the System and ensure secure data exchange between the server and end users without losses and possibility of interception. Moreover, each member in the process gets access to the data that he/she can get, and does not get access to what he/she should not be available to. The system stores only reliable information about customers, purchases, and other operations. | ||
| 10 | |||
| 11 | == Data protection at the start == | ||
| 12 | |||
| 13 | Before launching the loyalty program and issuing cards, we recommend to make the following settings that will help protect you and your customers from confidential information leakage: | ||
| 14 | |||
| 15 | (% style="width:auto" %) | ||
| 16 | |(% style="border-color:white; width:451px" %)((( | ||
| 17 | * ((( | ||
| 18 | ===== Use a complex algorithm to generate card/coupon numbers ===== | ||
| 19 | ))) | ||
| 20 | )))|(% style="border-color:white; width:1039px" %)The number of each card must be unique and consist of 15-16 digits, formed by a special algorithm. Read our [[recommendations about the formation of card number templates>>doc:Main.Using.MMP.Admin_panel.Cards_issue.Card_issue_recommendations.WebHome]]. The Loymax system in turn provides the issuance of cards during registration in such a way that one card can belong to only one customer. | ||
| 21 | |(% style="border-color:white; width:451px" %)((( | ||
| 22 | * ((( | ||
| 23 | ===== Set critical limits ===== | ||
| 24 | ))) | ||
| 25 | )))|(% style="border-color:white; width:1039px" %)((( | ||
| 26 | We have allocated several limits that we [[recommend configuring in the first place>>doc:Main.Using.MMP.Admin_panel.Limits.WebHome]]. This will help to prevent abuse by employees of POSs and customers, fraudulent activities with the data of the LP Members, and possible financial losses associated with them. | ||
| 27 | ))) | ||
| 28 | |(% style="border-color:white; width:451px" %)((( | ||
| 29 | * ((( | ||
| 30 | ===== Configure captcha in Personal Account on the website ===== | ||
| 31 | ))) | ||
| 32 | )))|(% style="border-color:white; width:1039px" %)((( | ||
| 33 | To protect against hacking, customer authorization in the Personal Account on the site can be protected by an [[invisible captcha>>path:/xwiki/bin/view/Main/Installation_and_configuration/Personal_account_configuration/Invisible_captcha/]] that recognizes user behavior and, in case of suspicious actions, issues additional tasks for verification. | ||
| 34 | ))) | ||
| 35 | |||
| 36 | == Additional methods to protect information: == | ||
| 37 | |||
| 38 | (% style="width:80%" %) | ||
| 39 | |(% style="border-color:white; width:48%" %)(% class="box" %) | ||
| 40 | ((( | ||
| 41 | == [[Server Data Protection>>doc:.Server_data_protection.WebHome]] == | ||
| 42 | |||
| 43 | * Operations logging | ||
| 44 | * Data backup | ||
| 45 | )))|(% style="border-color:white" %)((( | ||
| 46 | (% class="box" %) | ||
| 47 | ((( | ||
| 48 | == [[Processing Protection Against Attacks>>doc:.Processing_protection.WebHome]] == | ||
| 49 | |||
| 50 | * Using captcha | ||
| 51 | * Access limits | ||
| 52 | ))) | ||
| 53 | ))) | ||
| 54 | |(% style="border-color:white" %)((( | ||
| 55 | (% class="box" %) | ||
| 56 | ((( | ||
| 57 | == [[Authorization Protection>>doc:.Authorization_protection.WebHome]] == | ||
| 58 | |||
| 59 | * OAuth authorization | ||
| 60 | * Single access point to the system | ||
| 61 | * Differentiation of access rights | ||
| 62 | ))) | ||
| 63 | )))|(% style="border-color:white" %)((( | ||
| 64 | (% class="box" %) | ||
| 65 | ((( | ||
| 66 | == [[Data Transferring Protection>>doc:.Data_protection.WebHome]] == | ||
| 67 | |||
| 68 | * Encrypted channel of data transmission | ||
| 69 | * Digital signature | ||
| 70 | * Masking card numbers | ||
| 71 | * Impersonal wording of errors | ||
| 72 | ))) | ||
| 73 | ))) | ||
| 74 | |(% style="border-color:white" %)((( | ||
| 75 | (% class="box" %) | ||
| 76 | ((( | ||
| 77 | == [[Security of Conducting Operations >>doc:.Security_operations.WebHome]] == | ||
| 78 | |||
| 79 | * Two-phase operation | ||
| 80 | * Limits of operations with a bonus account | ||
| 81 | * Confirmation of bonus points deduction | ||
| 82 | * Card block | ||
| 83 | ))) | ||
| 84 | )))|(% style="border-color:white" %)(% class="box" %) | ||
| 85 | ((( | ||
| 86 | == [[Enforcement of Legislation>>doc:.Compliance_with_laws.WebHome]] == | ||
| 87 | |||
| 88 | * Age limit when registering | ||
| 89 | * Public Offer and processing of personal data | ||
| 90 | * MRP limits | ||
| 91 | * Phone number validation | ||
| 92 | ))) |