Using captcha

To protect against hacking, customer authorization in the Personal Account on the site is protected by an invisible captcha. The customer does not need to enter any characters from the distorted line and even set the flag “I am not a robot”, an invisible captcha will automatically recognize his/her behavior and, in case of suspicious actions (for example, the consecutive input of incorrect authorization data), will issue standard tasks for verification (text recognition, pictures, etc.).

This mechanism enables to protect the system from unauthorized access to computer bots and at the same time does not cause inconvenience to real users. To configure captcha, just register your site on the official Google resource and connect the captcha plugin, indicating the captcha keys received during registration in the settings.

Access limits

The Loymax system has a number of limits that block repeated actions on the part of users. These limits protect the system from hacker attacks and include:

• The limit on the number of registrations and authorizations in the Personal Account from one IP address,
• The limit on the number of attempts to enter a password when identifying a user,
• The limit on the number of attempts to change the password and phone number,
• The limit on the number of attempts to request and enter a verification code,
• The limit on the number of attempts to replace the card.

Configuration of limits is available in the MMP admin panel. For each limit, you can specify:

• boundary value,
• the period of time during which the user’s actions are counted,
• blocking time accurate to minutes.

In addition, for each limit, it is possible to configure the sending notifications that inform the activation of the limit, so that the administrator, for example, can timely respond to the unauthorized actions in the system.

A list of especially important limits is presented in the Limits section.

Protection against DDoS attacks and hacking

The Qrator-based defence protects the Loymax system from distributed denial of service attacks, when attackers take the system offline with a flood of requests.

Web applications are protected against hacking by a special WAF service which monitors and blocks network attacks.

There is constant auditing, logging and monitoring of the server operation and accessibility to the System services.

All data is stored in Uptime Institute Tier III compliant data centre: Operational Sustainability (Silver status) with strict access control and 24/7 security.