We have developed a web-based payment system where security, along with ease of use, is one of our primary concerns.
Special conditions for the OKPAY website and account usage.
- OKPAY uses an Extended Validation SSL Certificate which is clearly displayed in your browser. Security is ensured by 256-bit data encryption.
- Personal and financial data is encrypted on the OKPAY servers.
- Auto-logout after 10 minutes of inactivity - additional precaution against leaving the computer unattended.
- Display of the IP addresses that you have used to access your account. Helps monitor your access for any unfamiliar, and therefore suspicious, IP addresses.
- Account registration requires email address validation.
- Special requirements for a strong enough password (upper and lowercase letters, digits and special symbols, at least 8 characters in length).
- Regular password renewal every 6 months.
While OKPAY provides all the essential features aimed at account protection, customers determine the required level of account security depending on their individual preferences.
- Strong Customer Authentication - authentication procedure based on the use of two or more of the following elements: a) something only the user knows (static password, code, personal ID number); b) something only the user possesses (mobile phone, token); c) something the user is (biometric characteristic). The elements selected must be mutually independent, i.e. the breach of one does not compromise the other(s). At least one of the elements should be non-reusable and non-replicable.
Basically, this means that by enabling this security option the client will have to confirm every login attempt with a code - either delivered to, or generated by a device owned by the client. This is recommended as the most secure authentication option.
- Security Questions - This is additional protection against unauthorized password reset. Even if a client's email address is hacked, and a third party tries to reset the OKPAY account password by using the Forgot your password? link, this could not be done without knowing the answers to the security questions.
- IP Security - Limit access to your OKPAY account by whitelisting only certain IP addresses using the Country filter or by entering the list of IP addresses manually.
- Access Authorization - This security measure is used if the client did not enable any other security features. Whenever customer authentication is attempted from a different country or a subnet of IP addresses that is not associated with the account owner, the system sends an additional security code to the registered email address.
Besides general account security mentioned earlier on this page, OKPAY offers additional means of protection for merchants and business-related clients.
- Enable API Security in the Merchant Tools settings to filter out any unwanted IP addresses.
- Validate IPN messages for all incoming payments. Once the IPN authenticity is confirmed by the OKPAY server, you can safely process the order.
- Customize Payment Receiving Preferences (payer's country of origin, etc.).
- Use Payer Verification when accepting payments through additional methods (credit cards, wire transfers, etc.).
In any case, do not ignore the usual precautions
The functionality and normal operating of OKPAY are maintained by its security system and a set of remedies. However, the OKPAY Security Department considers it necessary to warn the customers once again of potential security threats on the Internet and remind them to exercise extreme caution at all times.
- Be aware of possible hacker activities! For your own security, keep your firewall and anti-virus software up and running, watch out for key-loggers and spoofed websites, and make sure the URL in your web browser address bar always begins with https://www.okpay.com.
- Upgrade your browser and your computer's operating system (OS) regularly - security issues make this upgrading essential. Practically all new browsers contain built-in protection from phishing (and, therefore, identity theft) and spyware.
- Please keep your passwords and access codes away from strangers.
- Remember to change your account password as often as reasonably possible.
- Keep in mind that we never ask you to email us your passwords and access codes.
- Be careful with your electronic mail and don't open messages from unknown senders and phishing emails. Don't answer such messages. They may contain viruses which can get into your computer and give swindlers everything they need to access your account.
- Don't download unknown programs even if they offer to reinforce your computer's protection - such programs may contain malware, adware, viruses, exploits, bots, etc.
- We recommend that you enable all the security options provided by OKPAY and use them at all times.
If you have any security concerns or want to ask a security-related question, please refer to our Support Service.