Security

Security constitutes a fundamental pillar of the SimplePay platform, ensuring the safeguarding of all transactions and interactions against potential threats. The platform employs a comprehensive security framework that incorporates advanced encryption techniques, robust validation protocols, and secure wallet management, thereby fostering a reliable and trusted payment processing environment.


Core Principles of Security

Privacy and Autonomy

  • Non-custodial models prioritize user privacy by reducing data sharing requirements.

  • Users retain full autonomy over their assets, making this model ideal for decentralized financial operations.

Important:

SimplePay never asks you to provide mnemonic phrases or private keys from your wallets. That means we have no control over your funds.

End-to-End Encryption

Ensures the confidentiality and integrity of all data exchanged between users, merchants, and the blockchain.

  • Sensitive information, including private keys and payment details, remains protected from unauthorized access.

  • All communications are secured utilizing industry-standard encryption protocols, such as TLS.

Illustrative Workflow:

User initiates payment -> Data is encrypted -> Blockchain processes transaction securely.

On-Chain Validation

Verifies all payments directly on the blockchain, providing:

  • Immutability: Transactions, once recorded, cannot be modified.

  • Transparency: Payment records are publicly accessible and verifiable, enhancing trust among stakeholders.

Operational Framework:

  1. The merchant generates an invoice.

  2. The customer initiates payment through their cryptocurrency wallet.

  3. SimplePay validates the transaction on-chain, ensuring:

    • Accurate payment amounts.

    • Validity of the recipient address.

    • Completion of the transfer.
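The three checks in step 3 can be sketched as follows; this is an added example, not SimplePay's own code. It assumes amounts are held as integers in the asset's smallest unit, addresses are already in canonical form, the asset is checked alongside the amount, and a transfer counts as complete after 6 confirmations; all names and sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Invoice:
    recipient: str       # merchant's receiving address, in canonical form
    amount_units: int    # amount due in the asset's smallest unit (no floats)
    asset: str

@dataclass(frozen=True)
class Transfer:          # what was read back from the chain for one transaction
    recipient: str
    amount_units: int
    asset: str
    succeeded: bool                # execution status of the transaction
    block_number: Optional[int]    # None while the transaction is unconfirmed

def validate_payment(invoice: Invoice, transfer: Transfer, head_block: int,
                     min_confirmations: int = 6) -> List[str]:
    """Return the failed checks; an empty list means the payment is accepted."""
    failures = []
    # Accurate payment amount: same asset, exact amount in integer units.
    if transfer.asset != invoice.asset:
        failures.append("asset_mismatch")
    elif transfer.amount_units < invoice.amount_units:
        failures.append("underpaid")
    elif transfer.amount_units > invoice.amount_units:
        failures.append("overpaid")
    # Valid recipient: must be exactly the address the invoice was issued for.
    if transfer.recipient != invoice.recipient:
        failures.append("recipient_mismatch")
    # Completed transfer: executed successfully and buried deep enough.
    if not transfer.succeeded:
        failures.append("transfer_failed")
    if transfer.block_number is None:
        failures.append("unconfirmed")
    elif head_block - transfer.block_number + 1 < min_confirmations:
        failures.append("insufficient_confirmations")
    return failures

# Constructed sample data (not real addresses, assets or transactions).
INVOICE = Invoice("merchant-addr-constructed", 2_500_000, "TOKEN-X")
PAID = Transfer("merchant-addr-constructed", 2_500_000, "TOKEN-X", True, 105)
SHORT = Transfer("merchant-addr-constructed", 2_400_000, "TOKEN-X", True, 105)
MISDIRECTED = Transfer("other-addr-constructed", 2_500_000, "TOKEN-X", True, 105)
REVERTED_FRESH = Transfer("merchant-addr-constructed", 2_500_000, "TOKEN-X", False, 108)

if __name__ == "__main__":
    for name, t in [("paid", PAID), ("short", SHORT),
                    ("misdirected", MISDIRECTED), ("reverted", REVERTED_FRESH)]:
        print(name, validate_payment(INVOICE, t, head_block=110))
```

Returning every failed check rather than a single boolean lets the merchant side distinguish a payment that is merely waiting for confirmations from one that must be rejected or refunded.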


Static Wallet Addresses

Enables merchants to utilize static wallet addresses for enhanced operational and regulatory benefits:

  • Facilitates predictable transaction workflows.

  • Simplifies financial reporting and auditing processes.

  • Aligns with legal compliance requirements in jurisdictions supporting cryptocurrency, such as El Salvador.

Note:

Static wallet addresses are particularly advantageous for seamless tax reporting and compliance.


Authentication and Access Control

Enhances the security of merchant accounts through:

  • Two-Factor Authentication (2FA): Introduces an additional security layer to deter unauthorized access.

  • Role-Based Access Control: Restricts access to critical features based on user-specific roles and permissions.

Illustrative Example:

Admin -> Full access to wallet and settings.
Employee -> Limited access to payment history.

Threat Mitigation Strategies

DDoS Protection

The platform incorporates advanced defense mechanisms to mitigate Distributed Denial-of-Service (DDoS) attacks, ensuring:

  • Uninterrupted platform availability.

  • Stability during periods of high traffic volume.


Routine Audits

  • Comprehensive code audits conducted by reputable third-party security firms.

  • Rigorous testing of smart contracts to identify and rectify vulnerabilities.


User Responsibility

While SimplePay provides a secure infrastructure, users are encouraged to:

  • Secure Their Wallets: Employ hardware wallets or other reliable storage solutions.

  • Avoid Phishing Attempts: Interact exclusively with verified SimplePay links and interfaces.


  • Add at least one social provider so the account can be recovered if access is lost.

  • Activate Two-Factor Authentication (2FA) upon account creation.

  • Regularly monitor wallet activities for any irregularities.


Glossary

  • End-to-End Encryption: Ensures data is secure from sender to recipient.

  • On-Chain Validation: Confirms transaction authenticity using blockchain technology.

  • Static Wallet Address: A fixed cryptocurrency address designated for receiving payments.

  • Two-Factor Authentication (2FA): An authentication process requiring two verification methods.

