Billing security features

From ISPWiki

Jump to: navigation, search

Any company should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets. Without a security policy, your customer's information and data integrity is at risk.

Secure operation in the billing system, customer support and provision of products and services cab be achieved through:

Authentication

Authentication is the process of verifying that "you are who you say you are". To access the billing system, a user must provide his login and password that he has specified when registering in the system. You and your users can modify your password in the General settings form.

Module«Billing security features»

Password security policy

Password policy is an important part of keeping secure in an online world. To set strong password requirements, go to the Global settings module -> the Security.

The following password requirements should be set up:

  • Password requirements - use lowercase letters, uppercase letters, numbers, special characters (such as !, $).
  • Using reCAPTHA - to assert that a user is a human being and not a computer program and prevent automated access to a system by computer programs or "bots". Once you have set up its parameters, your users will be asked to solve a captcha to be able to register in the billing system.
  • Password recovery - you can set up a password recovery procedure (either via SMS or email) in case you customers forget their billing access password.

Moreover, in the configuration file you can add the PassExpirePeriod parameter to provide the maximum password age. after it passes, a user will be asked to set a new password.

Access control

When adding new administrators of your company, you may allow them to use all the billing functions by selecting the "Full access" check box or choose those functions and modules that they needs to perform their routine operations.

If a user is fired, you can forbid him to access the billing system. Select an administrator, click the "Edit" icon Image:T-edit.pngand select the check box "Deny access".

Module «Billing security features»

In the Administrator management module - > Access permissions you can select functions that your support members will be allowed to access.

For example, there can be a number of modules related to financial operations, such as information about customers' balance of account, payments, expenses, reports and so on, that are normally used by members of you Finance department and accountants. You may want to restrict access to such information to members of technical support or developers.

In a similar way, you can go to the Users module to click the "Rights" Image:T-rights.png icon and select functions that you want your users to have access to.

Fraud protection

Identity theft and identity fraud are increasingly common problems these days. The great news is that Fraud Protect helps safeguard you from the threats to your identity

Following is the information on protecting your company to prevent theft that can be achieved through verifying your customer identity over the phone.

Go to the Fraud protection module and provide required parameters such as: verification system, phone numbers' filer and services to be verified prior to purchase.


Once you are done with configuration, a user will see the following banner on the toolbar when trying to order a service in the billing system:

Module «Billing security features»

A user must follow the "More information" link and provide his phone number that will be automatically verified and put into the user edit form.

Once user identity is verified, he will be allowed to proceed with order.

Was this helpful? Yes | No
Views
Personal tools