Security as a core principle

Learn how PayByLink by Ecomsight handles security.

Hosting

PayByLink by Ecomsight is hosted on Infomaniak servers, located in Geneva, Switzerland. Founded in 1994, Infomaniak has become a leader in secure web hosting and is widely recognized for its commitment to the highest standards of security and data confidentiality.

Infomaniak employs advanced security measures, including robust encryption protocols, physical server security, and regular audits, ensuring that your data is protected at all times. Their infrastructure is designed to meet strict European data protection laws, including GDPR compliance, making it a trusted provider for handling sensitive information.

Additionally, Infomaniak uses energy-efficient, environmentally friendly data centers, reflecting their dedication not only to security but also to sustainability.

Learn more about Infomaniak security and data confidentiality.

Admin Login Protection

Two-Factor Authentication (2FA) with TOTP
To enhance security, we require two-factor authentication for admin logins. This involves Time-based One-Time Passwords (TOTP), where you must enter a unique code generated by an authenticator app in addition to your password. This extra layer of protection ensures that even if your password is compromised, unauthorized access is prevented.

Firewall and Brute Force Attack Detection
Our system is equipped with a firewall and brute force attack detection mechanisms. These features monitor login attempts and block suspicious activity, including repeated failed login attempts, which could indicate a brute force attack. This helps prevent attackers from guessing your password through automated methods.

API Key Security
For added protection, API keys used for sensitive operations are never exposed or readable from the client admin interface. This ensures that critical data, such as authentication tokens, cannot be accessed or exploited through the admin dashboard, further securing the communication between your admin and our backend services.

HTTPS and HSTS Preload for Domain Security
We ensure that our domain is always served over HTTPS, encrypting all communication between the browser and our servers. Additionally, we add our domain to the HSTS Preload List. This means that browsers are instructed to only connect to our site over HTTPS, and it also protects against certain types of attacks, such as protocol downgrade attacks and cookie hijacking. By preloading HSTS, we enhance security by ensuring that your browser never attempts an insecure connection to our domain.

Payment Links and Payment

We leverage industry-leading financial services like Stripe to ensure the highest levels of security for your transactions. Stripe is renowned for its advanced security protocols and compliance with international financial regulations, ensuring that all payments are processed safely and reliably.

To further safeguard your data, the creation and management of Payment Links, Products, and Promotion Codes are handled through our API, which utilizes restricted access keys. This approach minimizes the risk of API key exposure, limiting access to sensitive operations and ensuring that only authorized users and processes can interact with these critical functions.

By using restricted API keys, we reduce potential vulnerabilities and enhance the security and integrity of your payment processes, providing you with a reliable and secure platform for managing your business.

Learn more about how Stripe handles security.

Interaction with the Support Team

All communication between PayByLink by Ecomsight and its users, including support inquiries, is safeguarded with end-to-end encryption provided by Proton Mail. This ensures the utmost security and privacy for your email exchanges.

For assistance or questions, feel free to reach out to our support team at paybylink@ecomsight.com, confident that your correspondence will be fully protected.