Security Guide

Security best practices and authentication methods for Marz Pay

API Key Security

Important Security Notes

  • Never expose your API key in client-side code
  • Don't commit API keys to version control
  • Use environment variables to store API keys
  • Rotate API keys regularly

Two-Factor Authentication (2FA)

Overview

Two-factor authentication adds an extra layer of security to your account by requiring a second form of verification in addition to your password.

Supported Authenticator Apps

Google Authenticator

  • Available on iOS and Android
  • Free to download
  • Works offline
  • Industry standard

Microsoft Authenticator

  • Available on iOS and Android
  • Free to download
  • Cloud backup available
  • Microsoft ecosystem integration

Setting Up 2FA

1. Go to your account settings and navigate to the Security section
2. Click "Enable Two-Factor Authentication"
3. Scan the QR code with your authenticator app
4. Enter the 6-digit code from your app to verify setup

Security Benefits

  • Protection against password breaches
  • Prevents unauthorized access even if password is compromised
  • Time-based codes that expire quickly
  • Works offline for enhanced security

Roles and Permissions

User Roles

Business Owner

  • Full access to all features
  • Manage business settings
  • View all transactions and reports
  • Manage team members
  • Access to admin features

Team Member

  • Limited access based on permissions
  • View assigned transactions
  • Create payments and collections
  • Access to specific features only

Permission Levels

View Transactions: Read-only access to transaction history
Create Payments: Ability to initiate new payments
Manage API Keys: Create and manage API credentials
View Reports: Access to analytics and reports
Admin Access: Full administrative privileges

Login Alerts

Real-Time Notifications

Receive immediate notifications when someone logs into your account from a new device or location.

Alert Types

New Device Login

Get notified when your account is accessed from a device that hasn't been used before.

New Location Login

Receive alerts when someone logs in from a different geographic location.

Failed Login Attempts

Get notified of multiple failed login attempts that might indicate a security threat.

Notification Methods

Email Notifications

Instant email alerts sent to your registered email address

SMS Notifications

Text message alerts for critical security events

Activity Logs

Comprehensive Audit Trail

Track all activities and changes made to your account with detailed activity logs that provide complete transparency and accountability.

Logged Activities

  • User logins and logouts
  • Payment transactions
  • API key management
  • Settings changes
  • User management
  • Permission changes
  • Security events
  • System activities

Log Details

Timestamp: 2024-01-15 14:30:25 UTC
User: john.doe@company.com
Action: Payment Created
IP Address: 192.168.1.100
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)

Benefits

  • Complete audit trail for compliance
  • Detect suspicious activities
  • Track user actions and changes
  • Investigate security incidents
  • Maintain accountability
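
One way to review activity log entries for the failed-login and new-location patterns described under Login Alerts. This is an added example, not Marz Pay code: it assumes the entries are available as text in the Log Details layout above, and the "Login" and "Login Failed" action names, the thresholds and the sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_record(ts, user, action, ip):
    """Build one constructed record in the page's Log Details layout."""
    return (f"Timestamp: {ts} UTC\nUser: {user}\nAction: {action}\n"
            f"IP Address: {ip}\nUser Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\n")

# Constructed sample data; "Login" / "Login Failed" are assumed action names.
SAMPLE_LOG = "\n".join(make_record(*r) for r in [
    ("2024-01-15 14:30:25", "john.doe@company.com", "Login", "192.168.1.100"),
    ("2024-01-15 14:30:40", "john.doe@company.com", "Payment Created", "192.168.1.100"),
    ("2024-01-16 02:10:00", "john.doe@company.com", "Login Failed", "203.0.113.7"),
    ("2024-01-16 02:10:20", "john.doe@company.com", "Login Failed", "203.0.113.7"),
    ("2024-01-16 02:10:45", "john.doe@company.com", "Login Failed", "203.0.113.7"),
    ("2024-01-16 02:11:30", "john.doe@company.com", "Login", "203.0.113.7"),
])

def parse_records(text):
    """Split blank-line-separated blocks of 'Field: value' lines into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        # Timestamps look like "2024-01-15 14:30:25 UTC"
        rec["Timestamp"] = datetime.strptime(rec["Timestamp"], "%Y-%m-%d %H:%M:%S UTC")
        records.append(rec)
    return sorted(records, key=lambda r: r["Timestamp"])

def review(records, max_failures=3, window=timedelta(minutes=5)):
    """Return (timestamp, user, reason) findings for failure bursts and new-IP logins."""
    findings, seen_ips, failures = [], defaultdict(set), defaultdict(list)
    for r in records:
        user, ip, ts = r["User"], r["IP Address"], r["Timestamp"]
        if r["Action"] == "Login Failed":
            # Keep only failures still inside the sliding window, then add this one
            failures[user] = [t for t in failures[user] if ts - t <= window] + [ts]
            if len(failures[user]) == max_failures:  # report once per burst
                findings.append((ts, user, f"{max_failures} failed logins within {window}"))
        elif r["Action"] == "Login":
            # The first login sets the baseline; later logins from unseen IPs are flagged
            if seen_ips[user] and ip not in seen_ips[user]:
                findings.append((ts, user, f"login from new IP {ip}"))
            seen_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for ts, user, reason in review(parse_records(SAMPLE_LOG)):
        print(ts.isoformat(), user, reason)
```

A successful login from a new IP address shortly after a burst of failures for the same user is the combination most worth investigating first.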

Security Best Practices

1. Enable Two-Factor Authentication

Always use 2FA to add an extra layer of security to your account.

2. Use Strong Passwords

Create unique, complex passwords and change them regularly.

3. Monitor Activity Logs

Regularly review activity logs to detect any suspicious activities.

4. Limit User Permissions

Only grant necessary permissions to team members based on their roles.

5. Keep Software Updated

Ensure all systems and applications are kept up to date with security patches.