Protection of processing against external attacks

Using captcha

For the purpose of protection against hacking, customer authorization in the Personal Account on the website is protected by invisible captcha. The customer does not need to enter any characters from the deformed string and even check the box “I am not a robot”, as the invisible captcha will automatically recognize customer behavior and, in case of suspicious actions (e.g. consecutive input of incorrect authentication data), will issue standard tasks for verification (text recognition, image recognition, etc.).

This mechanism allows to protect the System from unauthorized access of computer bots and at the same time does not cause inconvenience to real users. To configure captcha, it is enough to register your site at the official Google resource and connect the captcha plugin specifying the captcha keys received during registration in the settings.

Access limits

Loymax System has a number of limits that block repeated actions by users. These limits protect the System from hacker attacks and include:

• limitation on the number of registrations and authorizations in the Personal Account from one IP address,
• limitation on the number of attempts to enter a password during user identification,
• limitation on the number of attempts to change the password and phone number,
• limitation on the number of attempts to request and enter a confirmation code,
• limitation on the number of attempts to replace the card.

Configuration of limits is available in the admin panel of the Marketing Management Platform (MMP). The following can be set for each limit:

• boundary value,
• time period during which the user actions are counted,
• blocking time with the accuracy up to minutes.

In addition, for each limit, it is possible to configure sending notifications that inform about limit triggering, so that the administrator can timely respond, for example, to the unauthorized actions in the System.

The list of critically important limits is provided in the Limits section.

Protection against DDoS attacks and hacking

The Qrator-based defense system protects Loymax System from distributed denial of service attacks, when intruders disable the System with a flood of requests.

Web applications are protected against hacking by a special WAF service for tracking and blocking network attacks.

Ongoing auditing, logging and monitoring of the server operation and accessibility to the System services is carried out.

All data is stored in the data centre that complies with the Uptime Institute Tier III standard: Operational Sustainability (Silver status) with strict access control and 24/7 security.