Data transfer protection
Using an encrypted data transfer channel
Data is exchanged between the Loymax system and the user's device over HTTPS, which provides secure and confidential information exchange.
Information security is achieved through the use of SSL/TLS, a standard protocol that provides a secure connection when accessing web resources and makes it impossible for outsiders to view the transferred data.
When an HTTPS connection is established, a random secret key is created that is known only to the server and the user's device. This key is generated anew for each communication session and is used to encrypt all transmitted information. It is impossible to access the transferred data from the outside by guessing the secret key, since it consists of more than one hundred characters.
To increase the security of the HTTPS connection, a digital certificate is used to identify the system's server. It confirms that the server is managed by the party to whom the certificate was granted. It contains all the necessary information about the owner, along with a digital signature that is used to confirm authenticity. The exchange of data between the server and the user's device starts only if the digital certificate passes authentication.
Backup communication channels
For increased reliability and resilience of the data transfer network, Loymax equipment is integrated using multiple independent communication channels, each of which is redundant in an N+1 arrangement.
Using a digital signature
To ensure additional security of data transmission, each command coming from the cash register, as well as the processing response, can carry an electronic digital signature (EDS).
The EDS mechanism involves generating a pair of private and public keys for processing and for each cash register device that interacts with it. Requests received from the cash register and processing responses carry an electronic signature obtained by encrypting the transmitted data with a private key. The recipient of the request decrypts the signature using the public key. The hash (a string of characters) resulting from this conversion must match the hash of the received data, which ensures that the received data was not changed in transit. Thus, the digital signature provides protection and integrity of the transmitted data.
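The sign-and-verify flow described above, as an added example in Go; it is not Loymax code. The page does not name the signature algorithm or the message format, so RSA PKCS#1 v1.5 over SHA-256, the JSON bodies, the sender IDs `pos-17` and `processing`, and the `Registry` type are all assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKey generates the key pair for one cash register or for processing.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Sign hashes the message body and signs that hash with the sender's private key.
func Sign(key *rsa.PrivateKey, body []byte) ([]byte, error) {
	h := sha256.Sum256(body)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
}

// Registry holds the public key enrolled for each sender ID (hypothetical type).
type Registry map[string]*rsa.PublicKey

// Verify recomputes the hash of the received body and checks it against the
// signature with the sender's enrolled public key; nil means unmodified.
func (r Registry) Verify(sender string, body, sig []byte) error {
	pub, ok := r[sender]
	if !ok {
		return fmt.Errorf("no public key enrolled for %q", sender)
	}
	h := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

func main() {
	posKey, procKey := NewKey(), NewKey() // one pair per device, one for processing
	reg := Registry{"pos-17": &posKey.PublicKey, "processing": &procKey.PublicKey}
	req := []byte(`{"command":"purchase","amount":"12.50"}`) // constructed request
	sig, _ := Sign(posKey, req)
	fmt.Println("intact request:", reg.Verify("pos-17", req, sig))
	fmt.Println("signed by the wrong sender:", reg.Verify("processing", req, sig))
	req[len(req)-6] = '9' // amount altered in transit
	fmt.Println("modified request:", reg.Verify("pos-17", req, sig))
}
```

Verification is always done against the key enrolled for the claimed sender, so a valid signature from one cash register does not authenticate a message attributed to another.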
Masking card numbers
In response to cash register requests, processing sends customer card numbers in a masked form (usually only the last 4 digits are transmitted). This is done so as not to compromise the customer's confidential information, which can be published, for example, on a cheque.
Impersonal wording of errors
When a request related to customers' personal data contains invalid data, the system returns errors with impersonal wording. This approach reduces the probability of confidential data being obtained by enumerating card numbers, phone numbers, and other personal data of the customer.
Currently, the following errors are returned when invalid data is sent:
Action | Invalid data | Error text |
---|---|---|
Registration | Invalid card number or the card is linked to another customer | Check if the data entered is correct |
Authorization | Invalid username and/or password | Wrong login or password. Check the accuracy of the entered data. |
Card linking | Invalid card number or a card with this number is already linked to another customer | Can't link card |
Card replacement | Invalid card number and/or password, or a card with this number is already linked to another customer | Check if the data entered is correct |
Card merging | Regardless of the accuracy of the entered data | A confirmation code has been sent to the user for the active type of notification method |
Password reset | Regardless of the accuracy of the entered data | Verification code sent to <phone number/email> |
Entering the confirmation code to reset password | Invalid verification code or notifier | Check if the data entered is correct |
Change phone number or email | Regardless of the accuracy of the entered data | Verification code sent to <phone number/email> |