Security: facts against member dispute

Functionality discussions and feature requests

cycloshost
Posts: 578
Joined: Mon Jan 30, 2012 8:12 am

Post by cycloshost »

Hi,

We are using the access password and the transaction password. We would like to know how to act in case a member assures he/she didn't make the payment and files a contestation.

With Cyclos can we assure that the person who is making a transaction is really the member?

How are other projects dealing with this scenario? Is any kind of digital signature planned for transactions? Is the transaction password equivalent to a digital signature?
cycloshost.com
Cyclos administration and hosting

gianfranco
Posts: 3
Joined: Wed May 22, 2013 4:29 pm

Re: Security: facts against member dispute

Post by gianfranco »

Hello, I am new to this forum and I'm just reading the former forum posts to familiarize myself with this community.
But the question below is, in my opinion too, very important. Trust in a system, that is, in an economic community managed by such a system, is pivotal to convey and grow trust in each other, and so in each member's promise to balance the economic exchanges one participates in.

I do hope there are already ideas in this regard; otherwise this item should be urgently and strongly addressed by the Cyclos community, or at least the community should be aware that there is a strong social issue.
Thanks and regards,
Gianfranco

admin
Site Admin
Posts: 1420
Joined: Mon Jan 24, 2005 10:31 am

Re: Security: facts against member dispute

Post by admin »

Hi,

A transaction password can never give you 100% certainty that it was indeed the user (account owner) that made the payment. For example, the user might have written the password down on paper or in a digital file, and somebody could have used it. Passwords and security are not just technical issues. Policies are very important. For example, having two passwords (login and transaction) is considered safer than using just one login password. Many things can be improved by configuration. Setting expiry dates and prohibiting 'easy' passwords will also improve the security level. Confirmation by SMS and e-mail will also help. A good practice is to go through the ISO27000 security standards.

We try to be as up to date as possible when it comes to security. Actually, a large part of our resources is being spent on security and data integrity. In Cyclos4, new authentication methods will be added, such as biometric authentication and confirmation by external channel (e.g. SMS).

Hope this helps,
