Since sensitive customer data can be viewed in your payer account, it is our concern and duty to protect your account and the data it contains as well as possible.
Therefore, we follow common best practices and recommendations from relevant centres specialised in this topic (e.g. OWASP).
Below is a brief overview of the measures we apply to ensure your safety and that of your customers.
Pwned Check on Password Assignment
When you set a new password for the first time or in the course of a password reset, we automatically compare the password with the so-called “Pwned” databases (these lists contain passwords that were stolen from other websites in past hacker attacks). If your selected password is on one of those Pwned lists, we automatically reject it for your own safety (even if it meets all of our password criteria, such as capital letter, lowercase letter, number and special character) and ask you to set a different password.
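The check described above, sketched as an added example (not this platform's own code): a candidate password must pass the four composition criteria and must also be absent from a breached-password list. The `SHA1:count` list layout, the function names and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import string

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form assumed for the breached list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed sample list in "SHA1:count" layout (assumed format, not this
# platform's data). Real lists hold hundreds of millions of entries.
SAMPLE_LINES = [
    f"{sha1_hex('Password1!')}:18423",
    f"{sha1_hex('Summer2023!')}:311",
]

def build_index(lines):
    """Bucket hashes by their first 5 hex chars so a lookup touches one bucket."""
    index = {}
    for line in lines:
        digest, _, count = line.strip().partition(":")
        if len(digest) != 40:
            continue  # skip malformed rows instead of failing the whole load
        index.setdefault(digest[:5], {})[digest[5:]] = int(count or 0)
    return index

def breach_count(password, index):
    """Number of times the password appears in the list, 0 if absent."""
    digest = sha1_hex(password)
    return index.get(digest[:5], {}).get(digest[5:], 0)

def meets_composition(password):
    """The four criteria the page names: upper, lower, digit, special."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def validate_new_password(password, index):
    """Return (accepted, reason). Breached passwords fail even if well-formed."""
    if not meets_composition(password):
        return (False, "composition")
    if breach_count(password, index) > 0:
        return (False, "breached")
    return (True, "ok")

if __name__ == "__main__":
    idx = build_index(SAMPLE_LINES)
    for candidate in ("password", "Password1!", "tR7#vaultline-Qz"):
        print(candidate, validate_new_password(candidate, idx))
```

Only the hash of the candidate is compared, so the list itself never needs to hold plaintext passwords.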
Security Precautions in the Event of Incorrect Password Entry
To protect your account from brute-force attacks (attempts by hackers to guess your password through innumerable guesses), our platform does not allow a large number of failed attempts within a short period of time.
Therefore, after a few failed attempts, you will be shown a Captcha, which you have to solve correctly. If you enter your password correctly and solve the Captcha correctly as well, you will be logged in immediately. After this point, further unsuccessful attempts to enter the password or to solve the Captcha correctly can lead to your account being blocked.
If your account has been blocked, you can unblock it yourself at any time by resetting your password. Click on “Forgot your Password?” to receive an e-mail with a reset link (sent to the e-mail address you used to register). Please click on the link and set a new password promptly, since the link is only valid for a short period of time for security reasons.
Two Factor Authentication (2FA)
To rule out unauthorized access to your account as far as possible, we additionally ask you to enter a one-time code if you try to log in to your account in a way not yet known to us (e.g. foreign IP or new device). Please enter the code within 5 minutes to complete the login. The code expires after 5 minutes, but you can request a new code by clicking "Resend".
User Management
In the interest of fraud prevention and data economy, we strongly recommend using our user management and setting up individual access for each person in (or outside) your organisation who should have access to your payer account, so that each user can log in with their own e-mail address and their own password.
Please give users only the rights they really need (here you have the option of selecting individual apps and, within apps, choosing which actions the user is allowed to perform). Also remember to check your user overview at regular intervals for people who have since left (no longer working for you) and, if necessary, to delete the corresponding users from your account.
It is not recommended that several colleagues share one access and work at the same time: our platform allows only one login at a time per access (if colleague A is logged in on their computer and colleague B logs in on a different device with the same e-mail and password as colleague A, colleague A will be logged out automatically, and if colleague A then logs in again, colleague B will be logged out).