We have developed a web-based payment system where security, along with ease of use, is one of our primary concerns.
Further on this page you will find information about the security features OKPAY has to offer for Business and Personal accounts in order to keep your money safe, and also about general safety precautions on the Internet.
Here are the special conditions for the OKPAY website and account usage.
- OKPAY uses an Extended Validation SSL Certificate which is clearly displayed in your browser. Security is ensured by 256-bit data encryption.
- Personal and financial data is encrypted on the OKPAY servers.
- Auto-logout is performed after 10 minutes of inactivity - it is an additional precaution against leaving the computer unattended.
- We display the IP addresses that you have used to access your account. This helps monitor your account for access attempts from any unfamiliar, and therefore suspicious, IP addresses.
- Account registration requires email address validation.
- There are special requirements for a strong enough password (upper and lowercase letters, digits and special symbols, minimal length of 8 characters).
- Regular password renewal is mandatory every 6 months.
While OKPAY provides all the essential features aimed at account protection, customers determine the required level of account security depending on their individual preferences. Use one of the following options or combine them:
- Strong Customer Authentication - authentication procedure based on the use of two or more of the following elements: a) something only the user knows (static password, code, personal ID number); b) something only the user possesses (mobile phone, token); c) something the user is (biometric characteristic). The elements selected must be mutually independent, i.e. the breach of one does not compromise the other(s). At least one of the elements should be non-reusable and non-replicable.
OKPAY uses 2-step authentication. It means that by enabling this security option the client will have to confirm every login attempt with a code - either delivered to, or generated by a device owned by the client.
Generating a PIN-code in an authenticator app is recommended as the most secure authentication option.
- Security Questions - This is additional protection against unauthorized password reset. Even if a client's email address is hacked and a third party tries to reset the OKPAY account password by using the Having trouble logging in? link, this could not be done without knowing the answers to the security questions.
- IP/country restrictions - This option allows to limit access to your OKPAY account by whitelisting only certain IP addresses using the Country filter or by entering the list of IP addresses manually.
- Access Authorization - This security measure is used if the client did not enable any other security features. Whenever customer authentication is attempted from a different country or a subnet of IP addresses that is not associated with the account owner, the system sends an additional security code to the registered email address.
Along with the general account security measures mentioned earlier on this page, OKPAY offers additional means of protection for merchants and business clients.
- Enable IP filtering for you API in the Merchant Tools settings to reject any unwanted IP addresses.
- Validate IPN messages for all incoming payments. Once the IPN authenticity is confirmed by the OKPAY server, you can safely process the order.
- Customize Payment Receiving Preferences (payer's country of origin, etc.).
- Use Payer Verification when accepting payments through additional methods (credit cards, wire transfers, etc.).
In any case, do not ignore the usual precautions
The functionality and normal operating of the OKPAY system is maintained by its security features and a set of remedies. However, the OKPAY Security Department considers it necessary to warn the customers once again of potential security threats on the Internet and remind them to exercise extreme caution at all times.
- Be aware of possible hacker activities! For your own security, keep your firewall and anti-virus software up and running, watch out for key-loggers and spoofed websites, and make sure the URL in your web browser address bar always begins with https://www.okpay.eu.
- Upgrade your browser and your computer's operating system (OS) regularly - security issues make this upgrading essential. Practically all new browsers contain built-in protection from phishing (and, therefore, identity theft) and spyware.
- Please keep your passwords and access codes away from strangers.
- Remember to change your account password as often as reasonably possible.
- Keep in mind that we never ask you to email us your passwords and access codes.
- Be careful with your electronic mail and don't open messages from unknown senders and phishing emails. Don't answer such messages. They may contain viruses which can get into your computer and give swindlers everything they need to access your account.
- Don't download unknown programs even if they offer to reinforce your computer's protection - such programs may contain malware, adware, viruses, exploits, bots, etc.
- We recommend that you enable all the security options provided by OKPAY and use them at all times.
If you have any security concerns or want to ask a security-related question, please refer to our Support Service.