Keep Your Payza Account Secure: Payza Security Settings Explained

Payza Account Security

Helping our members keep their Payza accounts secure is one of our top priorities. To give you all the necessary tools for protecting your Payza account, we have several security settings, letting you choose the right level of protection for your account.

Here is a summary of each security setting:

Password & Payza Transaction PIN

The default security setting for your Payza account protects your account with a password and a transaction PIN. You will create your password when you sign up for your Payza account. Your password must consist of:

  • Minimum 8 alphanumeric characters.
  • At least 1 capital letter.
  • At least 1 special character.

Along with a password, you will also choose your 4-8 digit Payza Transaction PIN when you complete your Payza account profile. Your Payza Transaction PIN is used to confirm and authenticate most of the actions taken within your account. Be sure to choose a secure PIN and do not share it with anyone.

Level 1: Suspicious Login Alerts

When creating your Payza account, Level 1 of the Advanced Security Levels will automatically be enabled. For this advanced security level, you will receive an email alert whenever your account is accessed from an unrecognized device. This email alert will include details such as date, time, and place of login.

If you receive an alert without logging into your account yourself, you should immediately change your password and contact Payza Customer Support to report an unauthorized login.

For those that want even more protection for their account, we have two other Advanced Security Levels to choose from. Before you can enable these, you are required to set up a Payza Avatar and custom message:

Payza Avatars & Custom Message

The Payza Avatar and custom message are security features that will greet you whenever you log in to your Payza account and confirm that you are on the authentic Payza login page.

How To Create an Avatar and Custom Message

  1. In your Payza account, click on your name in the top left part of your account.
  2. Select “Advanced Security Setup”.
  3. Build your avatar using the options available.
  4. Edit your custom message to the right of the avatar.
  5. Enter the Transaction PIN you created when completing your profile.
  6. Click on “Set Up Security” to save.

After you set up your Payza Avatar and custom message, you can either keep Level 1 of the Advanced Security Levels or choose one of the two other Advanced Security Levels:

Level 2: Suspicious Login Authentication

The second advanced security level generates a one-time use authentication code that will be sent to your email whenever you attempt to log in from an unrecognized device. You will need to enter this code to log in to your Payza account within a specified time frame.

For many people, this is the right amount of protection they need, but Payza also has one higher level for the strongest security:

Level 3: Two-Factor Authentication

This security level sends a code to a paired smart device such as a smartphone or connected tablet every time you try to log in to your account. To access your Payza account, you will need to enter this code along with your username and password.

For Payza’s 2-Factor Authentication, you must use the Google Authenticator (GA) app.

Here are the steps for setting up 2-Factor Authentication:

  1. Install the Google Authenticator (GA) app on your mobile phone or tablet.
  2. In your Payza account, click on your name in the top left portion of the screen then select Advanced Security Settings.
  3. Select “Level 3: 2-Factor Authentication” and click “Set Up Two-Factor Authentication”. Instructions will appear on screen to help you complete the following steps. After completing this step, you will be presented with the following window:
  4. Scan the QR code you received to pair your Payza account with the GA app. This QR code can be scanned through your mobile device or you can enter the code manually.
  5. Upon completing step 4, you will receive a verification code in the GA app. In your Payza account enter the code where it says “Verification Code” in the Two-Factor Authentication Setup window. This step will synchronize your smart device with our system.

With 2-Factor Authentication enabled, whenever you try to log in to your Payza account you must first open the GA app to view the login code. Enter this code in the login screen along with your username and password to access your account.


Payza is dedicated to protecting your information and your account, but you also have to do your part to keep your account secure. Always keep your login and account details confidential, never reveal any personal information publicly, such as on social media platforms, and do not share your avatar image or welcome message.

If you need any further help or if you have any questions concerning Payza’s security settings, feel free to contact our customer support.

For all the latest Payza tips and news, be sure to subscribe to the Payza Blog and follow us on Facebook and Twitter.

How To Protect Your Cryptocurrency: Keep Your Bitcoin and Altcoins Safe

Protecting Cryptocurrencies

2017 has been a breakout year for cryptocurrency. Not only Bitcoin, but altcoins such as Ethereum, Dash and Litecoin have also seen amazing increases in value this year. However, this creation of wealth has left many people asking: How can I protect my cryptocurrency?

Cryptocurrencies are decentralized, giving people the opportunity to take away the middleman: you are your own bank. However, this also means that you are responsible for protecting your cryptocurrency.

It takes understanding and responsibility to protect your cryptocurrency and to keep it secure. You don’t want someone to hack your machine and steal your valuable cryptocurrencies.

If this is too much pressure, services like Payza and online cryptocurrency exchanges can be used to hold and protect coins on your behalf. These companies take the responsibility of holding your Bitcoin and altcoins, making it less likely that your coins will one day be lost.

Here are some things to consider when securing your cryptocurrency:

Setting Up

Hacking and phishing attacks are among the biggest security threats to your cryptocurrencies, so you must set strong passwords for your wallets and all accounts that deal with cryptocurrencies.

Keep these tips in mind when setting up or using your cryptocurrency accounts:

  • Use different passwords for every account you use to limit any damage that can be done by hackers.
  • Use a unique email when opening accounts on each exchange and only use that email address for that specific exchange.
  • Enable two-factor authentication for your exchange accounts. This adds a software to your smartphone which adds extra security to your account. Without two-factor authentication, a hacker only needs your username and password to empty your balance.
  • Don’t store your wallets and passwords in the same place or an attacker can gain access to both your passwords and your wallet at the same time.
  • Never mention what exchange or wallet you use on social media or online forums. Any information you post online can be turned against you.
  • Maintain backups of your cryptocurrency wallets and recovery phrases to ensure your coins aren’t lost for good if something happens to your main device. External hard drives, USB sticks, and encrypted backup files can be used to secure your recovery options and programs like VeraCrypt can encrypt these sensitive files.

Difference Between Wallets & Exchanges

When dealing with cryptocurrencies you usually have to deal with private keys. Private keys are used to access your wallet and to authenticate transactions. If you lose access to your wallets, private keys can also help you recover them. A private key is unlikely to be hacked but it can be discovered in other ways, so the most important thing you can do is protect your private key by not sharing it.

When you control your private keys, you have full control over your cryptocurrency. This is the key feature of most wallets. However, securely handling a private key is a big responsibility and when your coins are kept in an exchange, these exchanges will hold your cryptocurrency for you.

Exchanges are made for, well, exchanging. You can use them to convert your cryptocurrency into other cryptocurrencies or into fiat. Because you don’t have as much control over coins held in an exchange, you may face withdrawal limits and processing delays when you are ready to move your coins. When using multiple exchanges, it’s a good idea to divide your cryptocurrency among them. Don’t keep all your cryptocurrency in one place. This will spread out your risk and makes it harder for someone to compromise all of your accounts.

While an exchange is better suited to help you convert cryptocurrencies, a wallet is better for storing and sending coins. With a wallet, you have full control over your coins, and you get to decide exactly when you want to move your coins and where you want to send them.

Understanding the Different Types of Wallets

A cryptocurrency wallet is a secure digital wallet where you store, send and receive your cryptocurrencies. Most coins have an official “core” wallet, usually issued by the same team that worked on the software of the coin itself. As secure as they are, these wallets can be very heavy. In computing terms, this means they contain a lot of data, which uses a lot of space on your hard drive and a lot of your computer’s resources. This is especially true for the Bitcoin core wallet, which contains a record of every single transaction ever confirmed by the Bitcoin blockchain!

If you just need to store your cryptocurrency, that is you’re not planning on trading them anytime soon, you should keep them in a cold wallet. A cold wallet stores cryptocurrency offline, completely disconnected from the internet. This reduces the hacking risk online, as it takes your coins off the exchanges and out of the cloud. With a cold wallet, you can keep receiving cryptocurrency, but you can’t send coins until it’s connected.

A hot wallet is connected to the internet for regular transactions. When comparing wallets, you can think of the hot wallet as the wallet that you carry around in your pocket or your checking account for daily transactions, while the cold wallet works as your long-term savings account or retirement plan.

The different types of cryptocurrency wallets include:

  • Desktop Wallet: this is installed on your desktop computer and gives you access to and control over your wallet. This wallet is only accessible from the computer on which it is installed and offers a high level of security. However, it’s at risk if something happens to your computer. Examples of desktop wallets are Exodus, mSigna, and Copay.
  • Mobile Wallet: this is run from an app on your smartphone for the most convenient but most vulnerable option. These wallets need to be backed up securely; if you lose your phone, or it is compromised, you could lose your cryptos with it.
  • Online Wallet: this is a web-based wallet, which means that your data is stored on an online server, making it easier to access it from anywhere. However, since your private keys are stored online with this wallet, they are more at risk of hacking and theft. Examples of online wallets are Coinbase and Blockchain.
  • Hardware Wallet: wallets such as the Ledger Nano S and Trezor are built to specifically hold cryptocurrency and keep it secure. You can turn them into hot wallets by connecting them to your computer, then take it offline once you’re done. You don’t need a specialized device for a hardware wallet, even USB sticks will do.
  • Paper Wallet: the most basic form of a wallet involves a pen and paper. Simply write out your private key and you will be able to recover your wallet if you ever lose access to it. You can also print out a QR code for both your public and private key, which avoids storing data digitally, providing a high level of security.

Transaction Safety

Because of the irreversible nature of cryptocurrency transactions, it is very important to ensure that you have entered the correct wallet address. If you send coins to the wrong address, it may not be possible to recover it.

When using different cryptocurrencies, it is important to understand how they work before making transactions. Certain cryptocurrencies can have special requirements or safety precautions that should be taken. For example, with IOTA you should always use a new address when you send your cryptos, otherwise your security is reduced. With Ripple, there can sometimes be two parts to the address: a wallet address and a destination tag. If the proper destination tag is not included, the coins you send can be lost or end up in the wrong account.

Another risk to watch out for are trojans that have been detected lurking on people’s computers. When the victim copies a cryptocurrency address to send tokens, the trojan will swap the wallet ID that was copied for its own malicious wallet address in payment fields. Therefore, pay careful attention to the cryptocurrency address you are sending your cryptos to.

Other Threats

Phishing attacks, Ponzi schemes, and ransomware are all common types of cyber fraud and theft of cryptocurrencies. There have been reports of cybercriminals sending phishing emails with infected attachments that give the attacker access to the victim’s computer and their wallets. Always be vigilant when dealing with suspicious emails and attachments, especially when you are unsure of their source.

Also, pay attention to the exchanges you’re using. Make sure they’re reputable and secure. Follow the news and avoid those that experience many technical issues or have strange policies.

Lastly, spread the word and tell others about these security measures. If all participants in the crypto community pay attention and take their security seriously, the threat of cybercriminals will be reduced.


As the popularity of cryptocurrencies grows, Payza’s cryptocurrency features and services have grown as well. We are committed to giving our members a complete online payments solution, which is why we’re proud to offer a unique range of Bitcoin and altcoin services.

For more helpful articles about Bitcoin and other cryptocurrencies, be sure to subscribe to the Payza Blog and follow us on Twitter and Facebook as well.

Stay Safe on Your Smartphone: 8 Helpful Tips

Stay Safe on Your Smartphone - 8 Helpful Tips

We love the convenience of our smartphones today, as they let us get much done so quickly. In many ways, smartphones are replacing computers for many tasks, but are you aware of the risks that come with using your smartphone? Do you know how to stay safe when using it?

Cell phone safety is, or at least should be, a top priority for people all over the world. Our smartphones carry so much personal information that it’s important to make sure that your privacy is always protected when using your phone.

Ensuring that your smartphone stays secure and private is not as difficult as it sounds, it just takes some awareness and effort. This October, for National Cyber Security Awareness Month, we offer you 8 tips on how you can stay safe on your smartphone:

Protect Your Info with Passwords and PINs

Use a PIN or a password to protect your smartphone and make sure that they are strong and secure. There are hackers today that are experts at cracking passwords, so if your password is easy to crack, your smartphone is at risk. The Payza blog has tips on how you can create a strong and distinct password.

Your SIM card should also have a PIN. If your phone is stolen, the thief can take out your SIM card and use it in another phone to access your personal information. Stay even more secure by enabling this PIN code in your phone’s settings.

Also, enable an automatic lock screen so no one else can access your phone without unlocking it first, because when leaving your smartphone unattended someone can access it to extract much vulnerable information in just a couple of minutes.

Be Careful with Links and Downloads

Cyberattacks come in many different forms and most commonly your phone is at its greatest risk when downloading or opening files or links that contain malicious programs. That’s why it’s important that you do not click on links in text messages and emails unless you know that they are legitimate and trust the source. Pay attention though – hackers and identity thieves today send malware through phishing emails and text messages that are tailored specifically for you, by using information they find on social media. So always think twice before clicking on a link or downloading an attachment to your phone.

Be careful when downloading new apps as well and only get them from legitimate sources such as Google Play or iTunes. Some sites may be operated by cyber criminals and offer free or pirated apps that contain malware. If you’re unsure about an app or a website, read the reviews first, as this can help you avoid anything suspicious or threatening.

Keep Your Security and Operating System Up to Date

Always make sure to download the latest update for your operating system, as these updates often contain changes that make your smartphone even more secure. Some phones install these updates automatically, but you can also check your phone’s settings to verify if you need to install any new updates.

Mobile Security

You may already be protecting your computer with a security program, but did you know that you can protect your smartphone the same way? There are many good security software programs available for your phone that can provide protection from viruses, malware, unauthorized access to apps, and ransomware. Some of these apps can even help detect phishing emails! Therefore, be sure to install anti-virus software for your phone.

According to Technofizi, these are the 5 best anti-virus for iOS: Avast Secure MeLookout Mobile SecurityMcAfee Mobile SecurityNorton Mobile Security, and VirusBarrier.

According to Techradar, these are the 5 best security and anti-virus for Android: AVL, Avast Mobile Security, Bitdefender Antivirus Free, McAfee Security & Power Booster Free, and Kaspersky Mobile Antivirus.

There are also programs you can install that let you lock your smartphone remotely and use GPS signals to locate it in case you lose it, and even wipe the phone of its data if necessary. This way, you can stay secure even if your phone is lost or stolen. For iOS, there’s the iPhone Activation Lock that does this automatically when you have the “Find my iPhone” activated, and for Android there’s an Android Device Manager called “Find My Device”.

Be Careful when Using Public Wi-Fi Network

When connecting to a public Wi-Fi network, read the full Terms and Conditions before accepting them – make sure you know what information you’re giving up for the web access you’re getting. David Nield, freelance tech and science writer, suggests that if you have an alternative email address, you should use that. When possible, be sure to use the advertised, official Wi-Fi networks provided by the hotel, airport, restaurant or bar you’re visiting. Do not use an open Wi-Fi network if you don’t know who the provider is.

When using a public Wi-Fi network, you can not be sure if you’re using the one you think you are using, or the Wi-Fi of an identity thief sitting nearby. It is thus recommended to use a VPN (Virtual Private Network), which in the words of Steve Weisman, expert in preventing cyber scams and identity theft, “enables you to send encrypted communications through a separate and secure private network while you are on a public network.” To stay even more secure when using a public Wi-Fi network, you should not access sites that contain financial or private data, such as banking or shopping apps, or even your email. You can still use a public Wi-Fi network, just be careful when doing it.

Back Up Your Data

Today ransomware presents a big threat for your smartphone. These programs block access to your data and make it difficult to recover. It’s important to regularly back up the data on your phone to your computer, the cloud or an external hard drive. On many smartphones, you can set your data to be backed up automatically in the cloud. If your phone doesn’t have this option, there are apps that can do it for you.

Do Not Stay Logged In or Use Auto-fill

It is convenient to stay logged in to certain apps, but that also makes it easier for an attacker to access these apps and the personal information stored within it. Techradar recommends you to log out of apps when not using them to keep your smartphone even more secure. Do this especially for banking and shopping apps that contain bank account details, or for email accounts that contain personal information.

Do not save your personal information, such as passwords and credit card information, on websites that you visit on your smartphone either. Storing this type of information on your phone makes you more vulnerable to hackers.

Turn Off Functions You’re Not Currently Using

There are settings you should turn off when you’re not using them, such as Bluetooth, location services, Wi-Fi or mobile data. According to Steve Weisman, nearby hackers can use these functions to connect to your smartphone.

In addition, to keep your money and identity protected, be sure to close any apps that are running in the background before using your smartphone for banking. According to Symantec Canada, viruses and dangerous software attached to other apps can otherwise run in the background and monitor your banking activities.


You should always be cautious about how you use your smartphone. By following these precautions, you can ensure the security of your smartphone and protect your personal information.

When you download the Payza App on your smartphone, make sure you download it from Google Play or iTunes directly, and not from some any other seller or developer.

For more security news and tips from Payza, visit the Online Security section of the Payza Blog and follow us on Facebook or Twitter.

Payza Introduces New Advanced Security Levels and 2-Factor Authentication

Payza Advanced Security

At Payza, security for our members is very important. One of our top priorities is to keep your Payza account safe and completely protected. We have our unique Payza Avatars that protect against so-called “Man-in-the-browser” attacks and to protect against hacking we provide different security levels for our customers to choose from. To ensure the best security against threats such as phishing and hacking we regularly update our security settings.

We are proud to announce that our advanced security options have become even more robust – you now have even more security levels to choose from.

These enhanced security features give you as a Payza member three additional advanced security levels to choose from to help protect your Payza account. If these settings are more protection than you need, you can always stick with Payza’s standard security setting.

Here’s a look at how each of the different security levels work to help protect your account.

Payza Advanced Security Levels Explained

Payza Advanced Security includes a Payza Avatar and three different security levels. When you create your Payza Avatar, you will be asked to choose an Advanced Security level. If you would like to keep the standard security setting, you will not need to create a Payza Avatar.

When setting up your advanced security you must first select your Payza Avatar and then choose one of these three advanced security levels:

  • Level 1: Suspicious Login Alerts. You will receive an email alert that informs you when your account was accessed from an unrecognized device. In this email alert, you will find details such as date, time, and place of login. Note that if you already have a Payza Avatar, this will be your default Advanced Security setting.
  • Level 2: Receive Authentication Code. Upon logins from unrecognized devices, you will receive a one-time use authentication code sent to your email. This code will be valid for 15 minutes. You will need to enter this code to log in to your Payza account.
  • Level 3: 2-Factor Authentication. This security level sends a code to a paired smart device such as a smartphone or connected tablet. To access your Payza account you will need to enter this code along with your username and password. You must have your paired smart device with you whenever you log in to Payza.

Setting Up 2-Factor Authentication

To set up 2-Factor Authentication, the highest security setting Payza provides, you must use the Google Authenticator (GA) app. Access the advanced security settings within your Payza account to get started.

Here are the steps for setting up 2-Factor Authentication:

  1. In your Payza account, click on your name in the top left portion of the screen then select Advanced Security Settings.
  2. Select “Level 3: 2-Factor Authentication” and click “Set Up Two-Factor Authentication”. Instructions will appear on screen to help you complete the following steps. After completing this step, you will be presented with the following window:
  3. Install the Google Authenticator (GA) app on your mobile phone or tablet.
  4. Scan the QR code you received after completing step 2 to pair your Payza account with the GA app. This QR code can be scanned though your mobile device or you can enter the code manually.
  5. Upon completing step 4, you will receive a verification code in the GA app. In your Payza account enter the code where it says “Verification Code” in the Two-Factor Authentication Setup window. This step will synchronize your smart device with our system.

From now on whenever you try to log in to your Payza account, you will receive a code from the GA app. Simply enter this code in the login screen along with your username and password to access your account.

If you need any further help or if you have any questions concerning Payza’s updated advanced security settings, feel free to contact our customer support from your account or via the Payza Support Page. For more information and to stay up to date with the latest Payza news, be sure to subscribe to the Payza Blog and follow us on Facebook and Twitter.

Review Your Online Security: Large List of Hacked Email Accounts Being Sold Online

Payza Security

The internet can be a dangerous place, so we want to make sure you are protected. Payza takes your security very seriously and we take all the necessary precautions to protect your information and your money, but there are things you can do as well.

A new report came out last week detailing how 21 million Gmail accounts and 5 million Yahoo accounts are being sold online, all for less than $500 USD. It’s a scary reminder of how easily and freely sensitive information like this can flow through the internet.

It’s also a reminder about how important it is to use techniques that will help you protect yourself against these data breaches, even if your information is compromised.

How hackers use your data

When hackers get a hold of usernames and passwords they will often try them on lots of different websites. Hackers know that most people use the same password for all, or most, of the websites they log into.

This is why you should always choose a unique password for your Payza account. If one of your username and password combinations has been compromised, don’t put your Payza account at risk. Keep it safe by using a different password for Payza than you use for other online accounts, especially your email account.

Most of the passwords that were discovered for sale were compromised in breaches from 2016 or earlier. If you haven’t updated your passwords in the last three to six months, it’s a good idea to change them as soon as possible.

This type of security breach is unfortunately becoming more and more common. That is why we recommend updating your passwords regularly.

Payza’s tips on good password practices

At Payza, we’re always looking for ways to keep your data secure. We have procedures in place to protect your information and your money, and we are constantly reviewing and improving our security practices. We do our part, but the most effective way to protect your account is in your hands: using a strong, unique password and updating it regularly.

Here are some tips on how to make sure your account is as secure as possible:

Use a unique password for your most important accounts: Ideally, you should use a unique password for every website you use. We understand that can sometimes be difficult, so we’ve already written about a good password formula that will help you accomplish this.

If you do end up deciding to use the same password for multiple websites, you should still pick a new password for highly sensitive accounts, like your email accounts and e-wallets. This will help protect your accounts if one of the sites you used is ever compromised.

Update your passwords regularly: Hackers can’t use your old passwords against you if you’ve already changed them. Even when a big security breach occurs, it usually takes time for attackers to use the information they’ve collected. By changing your passwords regularly, and always picking new passwords that you’ve never used before, you will make it very hard for attackers to do anything with your information even if they do get their hands on it.

Check if your accounts have been compromised: There are online databases that keep track of security breaches and that can help you discover whether or not your accounts have been hacked. You can use sites like https://hacked-emails.com/, https://www.hacked-db.com/ and https://haveibeenpwned.com/ to check if your account has ever been compromised. If it has, be sure to update your passwords right away!

For more security news and tips from Payza, visit the Online Security section of the Payza Blog.

5 Tips to Help You Be Safe When Shopping Online This Holiday Season

Are you one of the increasing numbers of shoppers who embraces the convenience of making holiday purchases online? If you said yes, you’re part of a rapidly growing sector of consumers. Analysts predict that online retail sales this holiday season will surpass $94 billion this year, a new record.

If you’re like the majority of today’s consumers, making online purchases has become second nature and e-commerce is the new normal. Our collective acceptance of digital retail outlets, however, should not make us so complacent that we overlook the emerging risk of fraud.

A recent article in Forbes surveying 125 retailers found that online fraud attempts are estimated to increase by 43% this year. That’s a big jump. Rather than feeling anxious, these stats should motivate us to look for simple strategies to help minimize risks when shopping online.

With the right advice, it’s easy to shop online safely and benefit from great deals on holiday purchases. Here are 5 safety tips you can start using right away.

Review your transaction history often

Rather than waiting for your monthly statement to arrive, we recommend occasionally reviewing your transaction histories for your credit card, bank account, and Payza account. Make a quick review each week in December and January when your transactions are at their highest. If you wait for your statement to arrive, this high volume makes it more difficult to identify unauthorized purchases.

If you spot a transaction that you don’t remember making, report it immediately to your bank, credit card company, or Payza.

Watch out for phishing emails

Fraudsters know  you are shopping online more than usual during the holidays, which makes keeping track of all the online stores you visit and purchases you make more difficult. Expect more phishing email scams to show up in your inbox as cyber criminals try to take advantage of the holiday rush. Beware of fraudulent emails claiming there is a problem with a recent purchase made at a popular online retailer, or that claims there is a problem with your bank or credit card. Be very suspicious of any email requesting your personal financial information, passwords, and/or usernames for any issue related to payments and online shopping.

For even more information about phishing emails, check out our blog article on how to identify these fraud emails.

Shop on sites you know and trust, read reviews for sites you don’t know

If a deal seems too good to be true, it probably is. There are countless websites claiming to have high-end merchandise for sale at bargain prices. Most online retailers are legitimate businesses, but some aren’t. Play it safe and limit your purchases to retailers you know. If there’s a deal you simply can’t pass up from a site you’ve never heard of, be sure to research the reputation of the retailer before making a purchase. This is especially important for online auction sites where the seller may not be associated with the website – read the reviews and feedback for sellers.

Beware of fake reviews as well. A high number of positive reviews posted over a period of months to years offer the best estimate of trustworthiness for a seller.

Update your anti-virus software and operating system today

Be certain that you have downloaded all recent updates to your anti-virus and operating system. This ensures your computer is protected from known malware, spyware, and spamware bots that lurk behind the scenes at some online retailers and infect online shopping cart payment gateways. Make sure you are using the latest version of your preferred internet browser as well. Browsers are updated regularly to remove software vulnerabilities known to have been exploited by cyber criminals.

Use secure payment methods and check security certificates

Credit cards and online payment options, like your Payza e-wallet, are more secure methods to make purchases online because they have built-in fraud prevention screening tools to help protect your information. These protections may be absent when you make purchases using direct money transfers or personal checks.

Be sure to only make purchases from websites that have encryption technologies that protect your personal information, such as SSL (Secure Sockets Layer) and HTTPS protocols (the “S” means “Secure”). You should see a “lock” icon next to the web address; when you click it, a security certificate should appear for that website; if no security certificate appears, you are likely at a fraudulent website and should navigate away immediately.

Additional resources

Here are even more tips and resources to help you stay safe this holiday season.

Updating Your Business Security Before the Holiday Shopping Season

Back-to-School season is behind us and that means consumers can take a well-deserved break from their shopping duties. Businesses, on the other hand, get no such break. The gap between Labour Day and Thanksgiving is a very important one: it’s the time when online retailers need to take a good hard look at their security practices and make sure they’re up to snuff in time for the demanding holiday shopping season.

Last year, e-commerce sales on Cyber Monday topped $3 billion in the US, marking the busiest online shopping day in American history. Consumers swarm to online stores and marketplaces on the first Monday after Thanksgiving, and if you’re not ready for them you could find yourself being left behind. Whether you run out of stock, your website crashes from too much traffic or, worst of all, you find your business (and your customer base) infiltrated by cybercriminals, if you don’t prepare your web store for the holiday rush this year, you may not be around next year to try again.

In 2016, Cyber Monday falls on November 28th, but every year consumers begin their holiday shopping sooner and sooner. With the amount of money that will be flowing through the e-commerce industry on Cyber Monday, there will be no small amount of hackers trying to take some of it for themselves. The promise of deals and the charm of holiday greetings are often used to disguise malware; many of your visitors could already be infected, so you need to make sure your website is fully prepared to sustain any potential attacks. The quicker you can prepare, the richer you’ll be New Year’s Day, and here’s how you get started:

  • Firewalls: Security experts are always trying to find new vulnerabilities before the hackers do, and each time they get more sophisticated so do the hackers. Regardless of the size of your business, firewalls are only strong if they are up-to-date, so make sure to have the latest rules and updates installed.
  • Patches: To circumvent firewalls, many attacks can happen through legitimate applications installed by your business. Firewalls view these programs as trustworthy, but if the program itself is vulnerable, hackers and malware can get into your network using that hole in your security chain. Before the highly vulnerable shopping season begins, make sure all of your applications are updated with the latest patches from their manufacturers.
  • Traffic: Monitoring the traffic on your website is most important during the busy holiday season. Cybercriminals attempting to make fraudulent transactions are counting on going unnoticed due to the heavy traffic. Make sure you address any red flags in your system right away.
  • Communication: Social media is not just for marketing. Monitor and engage in social media channels and respond through your customer service channels so that you can be the first to know if any shoppers are experiencing any suspicious activity or bugs in your system.
  • Maintenance: Being able to handle a high volume of traffic is not just important to your sales figures – the heavy load can cause some features to malfunction and open up vulnerabilities that hackers can use to launch an attack. It’s vital to have more than enough bandwidth capacity, so go with a web host you trust and opt for enough headroom to run smoothly even if your most extreme sales predictions come true.

Let’s not forget that sales are everything. High-bandwidth capacity isn’t just a security feature; if your website crashes, or even if it takes just a little too long to load, you’re going to lose customers. Running out of stock also means lost sales, so again, it’s better to have too much than too little. The busiest shopping day of the year, Cyber Monday, is your biggest opportunity to gain new customers that will keep coming back for the rest of the year, but only if you can handle the traffic.

And finally, if you skimp out on any our recommendations above and as a result, you experience a security breach, even a minor one, it’s going to do lasting damage to the level of consumer confidence you’ve worked so hard to build. The worst thing you can do before the holiday shopping season is to take security for granted.

KYC: The Key to Business Security

online security business

While the market shifts toward omni-channel commerce and the payments landscape becomes more diverse and less traditional, it has become a challenge for merchants to provide a functional and flexible way to handle transactions. To do so elegantly is key to customer satisfaction, and to do so securely is all the more important. This is where Know Your Customer (KYC) comes in.

The central element of business security is Know Your Customer.  This broad concept was first coined within the financial sector, KYC is now standard practice in a wide range of industries. When identifying the security needs of your business, there is no better place to start than by knowing your customer.

In brief, KYC is the practice of collecting data about your customers for a variety of purposes beneficial to your business. For businesses seeking to add payments functionality for their customers, implementing a company-wide KYC policy could be the determining factor in consumers and business partners choosing you over the competition.

Knowing your customer has three distinct advantages:

  1. Fraudsters lie in wait for a company that doesn’t take KYC seriously. If that turns out to be you, your business could be facilitating fraud, identity theft, money laundering, and terrorist financing without you even knowing it.
  2. Regulatory bodies keep careful watch on payment providers and financial institutions. A KYC-compliant business will have a smoother and more profitable relationship with their payment provider and other business partners.
  3. The data you collect by knowing your customers is an invaluable knowledgebase for understanding your consumer base, developing your products, and marketing around their needs and desires.

One cannot understate the importance of KYC in today’s digital marketplace, especially when you conduct your business online rather than face-to-face. KYC is central to operating a secure and sustainable business and it doubles as a tool to offer a personalized, omni-channel customer experience.

Why Implement KYC

In most jurisdictions, there is a basic level of KYC standards enforced by law. This is most stringent in the financial sector, with banks spending up to 500 million USD per year on KYC.

Because of the benefits of a robust KYC policy, most financial institutions choose to go above and beyond the basic requirements. Simply put, KYC is the most effective security measure there is. The costs associated with a sub-par KYC policy, which allows cybercriminals to conduct illegal activities using your product, service or platform, are much higher than the expenses involved in implementing KYC.

Failing to maintain adequate security controls not only puts you at risk but your business partners, banking partners and all of your law-abiding customers as well. This could result in fines, legal expenses, and long-term reputational damage. The only way to create a sustainable online business is to practice top-of-the-line security right from the beginning and to know every one of your customers at least in terms of their name and place of residence.

How to Implement KYC

There are countless KYC practices that fall under four main categories:

  • Customer Acceptance – Develop clear and explicit criteria for who you do business with and ensure that all of your customers are who they say they are.
  • Customer Identification – Develop procedures for customer identification at every step of the relationship, from submitting personal information such as addresses and bank accounts to carrying out a transaction and shipping a product.
  • Monitoring – Identify unusual and high-risk transactions, such as large or complex transactions that don’t fit the typical behavior of your customers, and subject them to an extra level of scrutiny.
  • Risk Management – Internal audits and compliance screenings as well as company-wide training programs should be in place to minimize both the frequency of risky activities and the consequences of security breaches.

Knowing your customer is key to operating a successful business and to providing a good experience for everyone you do business. To find out more about best practices in business security, visit the Payza Security Center.

Payza maintains a strict KYC policy above and beyond the basic requirements of customer due diligence and KYC compliance. For businesses seeking to offer the most secure and flexible payments functionality to their customers, visit Payza.com to learn more.

 

KYC fraud prevention customer support

An example of KYC in action at Payza: we use KYC data to prevent fraudsters from accessing your account.

7 Tips to Protect Your Business Against Cyber Criminals

Congratulations, you’ve made an effort and created a strong password for each of your online accounts. Now you can resume your daily routine, free from the worry that your business may be at risk of a cyber-attack.

Not so fast.

Although a strong password minimizes the likelihood of a security breach, it is not the be-all-and-end-all solution. Today’s cyber criminals are looking for various kinds of weaknesses in your organization. They need data, and will do whatever it takes to get it. Everything from credit card numbers, bank account information, Social Security numbers, email addresses, online passwords, and much more.

Unfortunately, small businesses and freelancers often dismiss the possibility that they could be targets of a cyber-attack. The truth is, cyber criminals consider your accounts to be easy targets. Without an information security officer by your side, they know your business is more vulnerable. The same holds true whether you are freelancing as a social media expert, taking online bookings for your next sight-seeing tour, or selling your ceramic coffee cups through your website. According to Symantec’s 2016 Internet Security Threat, 43% of cyber-attacks target small business because of their lack of knowledge and training on security. Just as the internet opens you up to new opportunities in e-commerce and freelancing, it also opens you up to new ways of being defrauded, scammed and robbed.

Don’t panic, though. There are some measures you can take to keep these criminals at bay and protect you, your business, and your customers from attacks.

Here are 7 additional tips to keep your business safe:

1] Make use of security certifications and encryption technologies that help protect sensitive data, and display any accompanying logos signifying that your website is safe. Immediately notify your clientele of any breaches in security. Protecting your clients’ information should be your top priority.

2] Learn as much as you can about how to avoid security risks and make the effort to participate in free webinars and reading online articles from trusted sources.

3] Get a good antivirus software, and keep it updated. IT security organizations like McAfee and AVG have loads of useful tips and tricks.

4] Always update your operating systems and web browsers.

5] Create and maintain internal and customer-facing risk management policies and procedures so your employees know what’s appropriate and what isn’t when working online. Establish clear Internet and social media usage policies as well as rules for using email safely.

6] Familiarize yourself with the contracts you have with your financial institutions and other business partners. Know your liability in case of losses through fraud and other security breaches.

7] As a freelancer, you must also protect yourself outside your home. For those times when you decide to work from a library or café, remember that most public networks tend to be unsafe and risky to use. Protect yourself using a Virtual Private Network (VPN); it will create an encrypted connection that acts like a tunnel between you and an outside server.

By following these tips, you are preventing yourself, your assets and your customers from falling victim to potential threats lurking online. Some of the most important changes a small business or freelancer can make to safeguard against data breaches are relatively simple and require minimal effort. Taking appropriate measures to ensure the trust of your current clientele is as important as making new ones. After all, your business depends on the trust built between you and your customers.

For more tips on securing your e-commerce business, visit the Online Security section of the Payza Blog and follow us on Facebook or Twitter.

Stay Secure and Use a Password for Your Payza Account that is Different From All Other Accounts

We want your account to remain safe.

Using the same, or similar, passwords online puts your account at risk—a risk that is easy to avoid.  

*********

password blog--email same as payzaPreventing security breaches is a top priority at Payza and we need your help to ensure your account remains safe from hackers. Your first line of defense is to use a strong and distinct password for your Payza account.

By distinct, we mean that your password to log in to Payza is different from your passwords for your email, social media, and other online accounts.

A common mistake is to reuse passwords because a security breach at one website can result in many online accounts being accessed by a cybercriminal.

If you reuse a password for your Payza account, please go change it now.

Changing your password is simple; here is how:

  1. Log in to your account.
  2. Click on your name next to your avatar in the top left corner.
  3. Select ‘Password’ and make necessary changes.

email password payza password distinct

Here we provide you with a guide on how to pick a great password and show how you can avoid common security risks by understanding how they occur in the first place. You will find at the end of this post additional resources about online security, scams and fraud.

password blog--no password remember formulaMemorizing complex passwords for all your online accounts is difficult and often frustrating. You can avoid this frustration and make strong passwords that are memorable if you use a strategy or “password formula”.

Consider this formula as an example: take the name of a website and replace letters in the name with a memorable word, and then add a sequence of numbers after a fixed set of letters.

So, “Payza” has two vowel “a”s; we can replace these vowels with a favorite color, say red, which makes the word “Predyzred”; then we can insert numbers after three letters, counting up from a favorite number, say 5. This results in a strong, distinct password generated by an easy to remember formula:

Payza password formula

By remembering the formula, you can figure out your password for any account (e.g., the same formula applied to a Twitter account would produce the password “Twr5edt6tre7dr”).

An added plus is that you can make a simple change to the formula, making it easy to change your passwords on a regular basis–e.g., count up from 6 instead of 5.

Indeed, you should change your passwords about once a month. So for this example, next month’s password for this Payza account will be:

password formula 2

Here are more excellent strategies and simple formulas for choosing strong and memorable passwords:

Invent your own password formula today; it’s fun.

 

Common ways hackers steal passwords and how you can protect yourself

Cybercriminals are very clever at finding ways to breach even the most complex online security systems. Even prominent government offices and corporations with extensive security systems, such as LinkedIn and Target, were recently embroiled in highly publicized security hacks.

At first it may appear that we have little control over these unfortunate security breaches; in fact, we all can take simple precautions to minimize the theft of our private information. Once again, changing your password on a regular basis is a great strategy to stop third parties from accessing your online accounts, especially since you may be unaware that a hacker acquired your user names, email addresses and associated passwords. Know that many hackers collect user names and passwords in order to sell them to other cybercriminals over the course of weeks, months, sometimes years; by changing your password frequently, you can render this hacked information useless before it is sold.  

 The second most important strategy is to remain vigilant when any online entity requests your password, especially when a site offers a reward or incentive.

 

password blog--free likes scamsA quick search on the internet will uncover countless sites that claim to have found “magical computer tricks” that enable anyone to acquire followers on social media or supercharge the search ranking of blog posts and online content–all for free.

Tempted by these rewards, unsuspecting internet users are directed to what looks like an official social media or website login page, where they are required to log in and then receive their reward. These login pages are in fact clone sites that record your user name and password.

 

Online payment platforms, including Payza, have identified similar scams that claim to offer simple computer tricks to instantly add free money to your account. Known as “money adders”, “hacks”, and “loot downloads”, we are certain that all of these sites are scams that never provide anyone with any benefit, especially not free money in their accounts. The take home message here is that you should only provide your Payza account information at our login page located at this web address:

log in address

If an unfamiliar avatar greets you, you know you are at the wrong site.

 

Stay vigilant and tell us about suspicious activity online

If you notice suspicious activity online or suspect an unwanted person has accessed your account, please report the problem to us so we can investigate immediately.

Our Fraud Prevention and Security Departments work hard to protect your account and personal information from cybercriminals. We appreciate your help in using great passwords and doing your part to ensure Payza’s payment gateway remains secure.

 

Additional resources

Want to know if unwanted people have access to your emails? Check if it is just you reading them!

See what popular online scams are circulating on the internet. How many do you recognize?

Read detailed descriptions of how hackers steal passwords and how you can prevent this from happening to you, here and here.

Check out these practical tips for online security written by our peers.

Here are previous posts on our blog and help desk about passwords.