This guide is aimed at our DingConnect retail and API partners. The document includes specific actions you need to take to keep your account secure and protected from fraud or other security breaches.
Archives for August 2020
Since COVID-19, the world has moved online to do everything from virtual pub quizzes to online classrooms. Hackers and cybercriminals have been busy too, with new phishing techniques and smarter ways to circumvent your security.
Online security has therefore never been more important.
This post is a guide for you to take advantage of the security we have provided to protect your DingConnect account from fraud. Whether you’re a retail partner using our Point of Sale system or an API partner, please follow the steps below to protect yourself. And as always, if you have any questions, reach out to email@example.com.
Your DingConnect account is your digital wallet. Someone who has access to your username and password has access to your wallet, so we highly recommend you secure your wallet by enabling 2FA in My Profile.
Also in My Profile, you can restrict access to your account to the IP addresses you list under IP/DNS Address.
2FA stands for two-factor authentication, which means you need to authenticate your login in two separate ways – the first with your password, the second with a code that is sent to your phone. Enabling 2FA will give you peace of mind as it ensures that even if one of your authentication methods is compromised, the second method should still prevent unauthorised access to your account.
We recommend that all our partners ensure the password on their account is strong, changed regularly and never shared. Passwords are the first line of defense against unauthorised access to your computer and accounts. The stronger the password, the better protected you will be.
You can restrict access to your DingConnect dashboard to a given IP address or DNS hostname, or to several (by separating each with a comma). This means that a login to DingConnect will only be allowed from those IP addresses.
For DingConnect API partners, 2FA should also be set up on your DingConnect account, as it’s from here you create new API security credentials. Please follow the guide above to enable 2FA on your account.
If you’re not a DingConnect partner, to ensure your traffic is protected from fraud, please contact firstname.lastname@example.org with a list of IP addresses, subnets or DNS that you transact from, and we will ensure that only transactions originating from those whitelisted sources are processed.
DingConnect API Security
For DingConnect partners, secret API security credentials are generated in the Developer section, under Account Settings. Once created, you have the option to copy these to clipboard. These can never be accessed again through the portal.
You can lock an API key or oAuth client credentials to certain IP addresses or DNS hostnames, meaning requests using those credentials will only be processed if they originate from a whitelisted IP / DNS. With this feature, even if your API security credentials are compromised, only your servers will be able to use them.
This can be set up by clicking on the Edit link associated with each API Key or oAuth client credential.
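Before pasting a comma-separated list into the IP/DNS Address field or an API key's whitelist, it helps to check it for entries that would not protect you or would lock you out. The script below is an added example, not DingConnect code: it classifies each entry and flags private ranges (which a remote service never sees as your source address), over-broad subnets and malformed values. The prefix thresholds and the hostname syntax rule are assumptions, and the portal's own validation may differ.

```python
import ipaddress
import re

# RFC 1918, CGNAT, loopback and link-local ranges: a remote service never sees
# these as your source address, so allowlisting them protects nothing.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# Assumption: prefixes shorter than these are treated as too broad.
MIN_PREFIX = {4: 24, 6: 64}
HOST_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_entry(entry):
    """Return (kind, warnings) for a single allowlist entry."""
    try:
        iface = ipaddress.ip_interface(entry)
    except ValueError:
        labels = entry.rstrip(".").split(".")
        ok = (len(labels) >= 2 and all(HOST_LABEL.match(l) for l in labels)
              and not labels[-1].isdigit())
        return ("hostname", []) if ok else ("invalid", ["not an IP, subnet or hostname"])
    net, warnings = iface.network, []
    kind = "subnet" if "/" in entry else "ip"
    if kind == "subnet" and iface.ip != net.network_address:
        warnings.append(f"host bits set; did you mean {net}?")
    if any(r.version == net.version and r.overlaps(net) for r in NON_ROUTABLE):
        warnings.append("private or non-routable range")
    if net.prefixlen < MIN_PREFIX[net.version]:
        warnings.append(f"/{net.prefixlen} is very broad")
    return kind, warnings

def lint_allowlist(text):
    """Parse a comma-separated allowlist; return [(entry, kind, warnings)]."""
    results, seen = [], set()
    for entry in (e.strip() for e in text.split(",") if e.strip()):
        kind, warnings = classify_entry(entry)
        if entry.lower() in seen:
            warnings.append("duplicate entry")
        seen.add(entry.lower())
        results.append((entry, kind, warnings))
    return results

# Constructed sample input (documentation ranges and a made-up hostname).
SAMPLE = "203.0.113.10, 198.51.100.0/24, pos.shop.example, 192.168.1.20, 198.51.100.7/16, 300.1.1.1"
if __name__ == "__main__":
    for entry, kind, warnings in lint_allowlist(SAMPLE):
        print(f"{entry:20} {kind:9} {'; '.join(warnings) or 'ok'}")
```

Hostname entries are only checked for syntax here; whether the name resolves to the address you actually transact from has to be confirmed separately.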
Please remove and delete any API Key or oAuth Client Credential that is not in use.
We would be delighted to talk to you and help you with any questions you may have in relation to the security tips or anything else you might need. Just email email@example.com and one of our agents will be happy to help.