Transaction security and customer data protection are essential to maintain user trust and ensure the integrity of your payment platform. Here’s a comprehensive guide to strengthen application security and follow best practices for handling sensitive data storage.

Application Security

In addition to FedaPay’s integrated security measures, it’s important that each user of our service reinforces the security of their own application or platform. Implementing protocols such as TLS/HTTPS and adhering to strong encryption practices are crucial to safeguarding your customers’ data.

Using TLS/HTTPS for Data Transmission

TLS (Transport Layer Security) is the protocol that ensures secure communications between the client’s browser and your server. Initially, SSL (Secure Sockets Layer) handled this function, but TLS has replaced it for enhanced security.

Why Use TLS/HTTPS ?

  • Data Encryption : TLS encrypts all information exchanged between the client and server, ensuring that sensitive data cannot be intercepted by third parties.
  • Server Authentication : TLS verifies that the client is communicating with the authentic server, not an imposter.
Example: Payment pages must always use TLS 1.2 or a later version. This protocol secures data flow and boosts customer trust, which can even help improve conversion rates.

Setting Up TLS/HTTPS

1

Obtain a Digital Certificate

A digital certificate, issued by a certification authority (CA), is necessary to configure TLS. This certificate guarantees your server’s authenticity to users.Certificate Options :
2

Installation and Configuration

Once you have the certificate, configure your server to use it. Follow the installation guides provided by your CA to ensure correct setup.
3

Configuration Verification

Use tools like the SSL Labs Server Test to ensure your TLS setup is secure.

Account Security: Password Encryption and Credential Management

Protecting user passwords is crucial to securing accounts and safeguarding customers from unauthorized access.

The Importance of Password Encryption

Storing passwords in plain text within a database is a risky practice and highly discouraged. Use hashing to ensure password confidentiality and protect users from attacks.
Example: In a multi-level system where each user has distinct privileges, unauthorized access could compromise sensitive information (e.g., a technician should not have the same access level as a director).

Hashing and Salting Passwords

  1. Using “Salts” : A salt is a key added to the password before hashing, making each hash unique even for identical passwords.
  2. Password Hashing : Utilisez des algorithmes de hachage tels que SHA-256 au lieu de MD5 ou SHA1, qui sont aujourd’hui vulnérables.
Example: When a user creates an account, generate a unique salt, combine it with the password, and then hash the result. Storing the hash and salt together makes rainbow table attacks much more difficult.

Recommendations for Password Choice

  • Use a strong password of at least 8 characters, including uppercase and lowercase letters, numbers, and symbols.
  • Avoid reusing the same password for multiple accounts.
  • Regularly update passwords to minimize risk.

Implementing Security Questions for Enhanced Security

Security questions are an additional layer of protection to verify user identity during password recovery.

Choosing Security Questions

  • Select questions with answers that are hard to guess and known only to the user.
  • Provide an option to update security questions via the dashboard for added security.
Example: Choose two questions from the provided list in your security profile, and ensure the answers are confidential and not obvious.

Additional Best Practices

  1. Never Share Your Credentials : Avoid sharing your password with anyone.
  2. Use Multi-Factor Authentication (MFA) : Integrating two-factor authentication significantly strengthens account security.
  3. Account Monitoring : Enable login notifications to alert users of suspicious access.

Security Tips for Protecting Your FedaPay Merchant Account

Securing your merchant account is essential to prevent unauthorized access and protect your transaction data. Here are practical recommendations to strengthen your account security and reduce intrusion risks.

Create a Secure Password

  • Choose a password of at least 8 characters that includes numbers, uppercase and lowercase letters. A complex password is harder to guess.
  • Avoid reusing the same password across multiple accounts. In case of a data breach on another service, a unique password for each account minimizes the risk to your FedaPay account.

Keep Your Password Confidential

  • Never share your password with others, even with trusted individuals.
  • If you need to store your password, use a secure password manager.

Protect Your Devices

Ensure that your computers, tablets, and smartphones are protected with a firewall, spam filter, antivirus, and anti-spyware software. These tools help block intrusion attempts.

Be Vigilant Against Unsolicited Emails

  • Be cautious of unexpected emails and spam. Never click on links or attachments from unknown sources.
  • Avoid responding to emails asking you to confirm sensitive information, such as your credentials or financial details.
  • Immediately delete any email that promises rewards or selection for a contest you didn’t participate in.

Fraud Management Policy

Despite robust security measures, fraud incidents may occur. FedaPay has implemented a fraud management policy to protect both merchants and their customers.

Examples of Possible Fraud

  • Unauthorized Transactions : Fraudulent access has allowed transactions to be made from a customer’s account.
  • Declined Responsibility : A customer claims they are not responsible for a purchase made through your site.
  • Delivery Issues : The customer has not received their purchase within the agreed timeframe.
  • Defective Product : A dissatisfied customer requests a refund due to a defective product or service.

Our Protection Commitment

FedaPay has designed a policy to address these cases, protecting your interests while ensuring customer satisfaction. This approach promotes fair resolution for all parties involved, helping maintain trust and resolve disputes in a transparent and effective manner.