Wiki source code of Информационная безопасность (Information Security)

(% class="lead" %)
Information security in the Loymax system is a set of tools and practices for working with data safely.

(% class="box warningmessage" %)
(((
The information in this section is a recommendation. To keep your customers' data and operations secure, we recommend applying ALL the security measures listed in this section. Otherwise Loymax is not responsible for any leak of information.
)))

All the measures described here protect the personal data of customers and system users and provide a secure exchange of data between the server and end users, without loss and without the possibility of interception. Each participant in the process gets access to the data they are entitled to and no access to data they should not see. The system stores only accurate information about customers, purchases and other operations.

== Data protection at launch ==

Before launching the loyalty program and issuing cards, we recommend making the following settings; they help protect you and your customers from leaks of confidential information:

(% style="width:auto" %)
|(% style="border-color:white; width:451px" %)(((
* (((
===== Use a complex algorithm to generate card and coupon numbers =====
)))
)))|(% style="border-color:white; width:1039px" %)Each card number must be unique and consist of 15-16 digits produced by a dedicated algorithm rather than issued sequentially, so that knowing one number does not let anyone guess the next. Read our [[recommendations about the formation of card number templates>>doc:Sandbox.Deleted_pages.Card_issue_recommendations.WebHome]]. Loymax in turn issues cards at registration in such a way that one card can belong to only one customer.
|(% style="border-color:white; width:451px" %)(((
* (((
===== Set critical limits =====
)))
)))|(% style="border-color:white; width:1039px" %)(((
We have identified several limits that we [[recommend configuring first>>doc:Main.Using.MMP.Admin_panel.Limits.WebHome]]. They help prevent abuse by POS staff and customers, fraud with the data of loyalty program (LP) members, and the financial losses that follow from it.
)))
|(% style="border-color:white; width:451px" %)(((
* (((
===== Configure captcha for the Personal Account on the website =====
)))
)))|(% style="border-color:white; width:1039px" %)(((
To protect against automated login attempts, customer sign-in to the Personal Account on the website can be guarded by an [[invisible captcha>>path:/xwiki/bin/view/Main/Installation_and_configuration/Personal_account_configuration/Invisible_captcha/]] that analyses user behaviour and, on suspicious activity, presents additional verification challenges.
)))
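The card-number recommendation above does not spell out an algorithm; the following is an added example, not Loymax's own generator (the linked recommendations describe that). It shows the two properties a practitioner wants from such numbers: the body digits come from a cryptographically secure random source, so one issued number reveals nothing about the next, and the issuer refuses to hand out the same number twice. The 16-digit default, the optional issuer prefix, the Luhn check digit in the last position and all names are assumptions made for the illustration.

```python
import secrets

# Assumptions for this illustration (the page only says 15-16 digits and
# "a special algorithm"): 16-digit numbers by default, an optional fixed
# issuer prefix, and a Luhn check digit in the last position.
ALLOWED_LENGTHS = (15, 16)
DIGITS = "0123456789"


def luhn_check_digit(body: str) -> str:
    """Return the Luhn check digit that makes `body + digit` Luhn-valid.

    Luhn only catches typos (a single wrong digit, most adjacent swaps); it is
    public and adds no unpredictability. Unpredictability comes from `secrets`.
    """
    total = 0
    # Walk from the right: the digit nearest the check position is doubled.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def is_valid_card_number(number: str) -> bool:
    """Length, digits-only and Luhn check: cheap rejection before any lookup."""
    if len(number) not in ALLOWED_LENGTHS or not number.isdigit():
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


class CardNumberIssuer:
    """Issues card numbers that are unpredictable and unique within the issuer.

    The body digits come from the OS CSPRNG via `secrets`, so a customer or a
    POS employee who knows one number cannot derive another. A sequential
    counter fails this: number N reveals N+1. `issued` is the set of numbers
    already handed out (in production, the card table); a collision is retried.
    """

    def __init__(self, length: int = 16, prefix: str = "", issued=None):
        if length not in ALLOWED_LENGTHS:
            raise ValueError("card number length must be 15 or 16 digits")
        if prefix and not prefix.isdigit():
            raise ValueError("prefix must consist of decimal digits")
        self.body_len = length - len(prefix) - 1  # minus the check digit
        if self.body_len < 8:  # keep the random part large enough to resist guessing
            raise ValueError("prefix leaves too few random digits")
        self.prefix = prefix
        self.issued = set(issued or ())

    def issue(self) -> str:
        while True:
            body = "".join(secrets.choice(DIGITS) for _ in range(self.body_len))
            partial = self.prefix + body
            number = partial + luhn_check_digit(partial)
            if number not in self.issued:
                self.issued.add(number)
                return number


if __name__ == "__main__":
    issuer = CardNumberIssuer(prefix="7700")  # constructed sample prefix
    for _ in range(3):
        n = issuer.issue()
        print(n, is_valid_card_number(n))
```

The check digit is deliberately the last thing added: it makes the number self-checking at the POS, but it is not a secret, and a validator that accepts any Luhn-valid string still has to consult the card table before trusting a number.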

== Additional methods of protecting information ==

(% style="width:80%" %)
|(% style="border-color:white; width:48%" %)(% class="box" %)
(((
== [[Server Data Protection>>doc:.Server_data_protection.WebHome]] ==

* Operation logging
* Data backup
)))|(% style="border-color:white" %)(((
(% class="box" %)
(((
== [[Processing Protection Against Attacks>>doc:.Processing_protection.WebHome]] ==

* Using captcha
* Access limits
)))
)))
|(% style="border-color:white" %)(((
(% class="box" %)
(((
== [[Authorization Protection>>doc:.Authorization_protection.WebHome]] ==

* OAuth authorization
* Single point of access to the system
* Separation of access rights
)))
)))|(% style="border-color:white" %)(((
(% class="box" %)
(((
== [[Data Transferring Protection>>doc:.Data_protection.WebHome]] ==

* Encrypted data transmission channel
* Digital signature
* Card number masking
* Generic (non-specific) error messages
)))
)))
|(% style="border-color:white" %)(((
(% class="box" %)
(((
== [[Security of Conducting Operations>>doc:.Security_operations.WebHome]] ==

* Two-phase operations
* Limits on bonus account operations
* Confirmation of bonus point deduction
* Card blocking
)))
)))|(% style="border-color:white" %)(% class="box" %)
(((
== [[Compliance with Legislation>>doc:.Compliance_with_laws.WebHome]] ==

* Age limit at registration
* Public offer and personal data processing
* MRP limits
* Phone number validation
)))