Configure security settings and access permissions

B2BinPay readily supports KYC and AML procedures, enabling you to verify the identity of your clients and ensure compliance with anti-money laundering regulations.

Other security features include two-factor authentication (2FA) and robust notification and logging systems.

Important

We strongly suggest that you enable 2FA for better protection of your account.

However, please keep in mind that the security of your B2BinPay accounts is your own responsibility.

Manage access to wallets

You can grant access to your wallet to other persons or restrict it according to their assigned roles.

Each B2BinPay user is assigned a certain role. Some of the default roles include:

  • Read only — this role is assigned by default to all users added to a wallet’s access list.

  • Owner — a user with this role has the maximum permissions and cannot be assigned any other roles. This user has API access (the API credentials are sent to the owner’s email after registration).

  • Admin — this role indicates that a user has API access to B2BinPay.

  • Withdrawals with approval — users with this role can make deposits and get assistance using HelpDesk.

After creating a new wallet, you can manage access to it in the Access list section of the main menu. Here, you can find a complete list of your wallets along with users granted access to them, manage user permissions and view detailed logs.

For step-by-step instructions on managing access to wallets, see the following tutorials:

Important

When granting access to your wallets, take special care to check that you are sharing your wallet with the right person.

Be aware that restricting access to your wallet is not enough to properly secure your account.

In particular, please make sure that, regardless of their roles, all users who have access to your wallets use strong passwords and 2FA.

To learn more, refer to the following documents:

Follow best practices to protect your finances

Please make sure that you and all of your team members:

  • use strong passwords that include uppercase and lowercase letters, numbers and special symbols

  • use password managers for storing passwords

  • never share passwords with anyone

  • use 2FA

For related tutorials, see:

Follow the guidelines below to better protect your account:

Generate new API keys after integration is complete

The API keys are sent to your email after registration.

When sharing your API keys with developers, generate new keys and reset access to B2BinPay after setup is complete.

For a related tutorial, refer to How to manage API access.

Take special care when managing access permissions

Make sure that your users are granted only those permissions that are necessary for completing their tasks. Such permissions include access to wallets and availability of various kinds of transactions.

In particular, you can assign the Withdrawals with approval role to all users, so that no transaction can take place unless it is explicitly approved.

For a related tutorial, refer to How to grant access to your wallet.

Provide API access based on an IP safelist

Specify emails to notify the users of each wallet and implement safelists to grant API access only from trusted IP addresses.

For a related tutorial, refer to How to restrict access by IP.

Important

Before depositing funds to a newly created wallet, take time to properly configure user access and API access settings.

In addition, consider the following best practices:

  • Use a safelist to grant access to the platform

    Apart from configuring API access, use a separate safelist to specify the IPs from which the B2BinPay user interface can be accessed.

    You can list individual IP addresses or define a subnet mask (such as the one used to assign your company IPs).

    Include only static IP addresses in the safelist; dynamic IPs are not supported.

    For a related tutorial, refer to How to restrict access by IP.

  • Enable notifications for each wallet

    Make sure that you are notified about any transactions made on each wallet. This way, you can detect suspicious transactions and intervene as quickly as possible.

    For a related tutorial, refer to Wallet settings.
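The safelist guidance above (for API access and for the user interface) accepts individual IP addresses or a subnet. The following added example, which is not B2BinPay code, checks a draft safelist before you enter it; the prefix thresholds, finding labels and sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumed thresholds for this example (not B2BinPay limits): wider subnets are flagged.
MIN_PREFIX = {4: 24, 6: 48}
# Ranges that never appear as a public source address seen by a remote service.
NON_PUBLIC_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
)]
# Constructed sample safelist (documentation address ranges, not real hosts).
SAMPLE = ["203.0.113.10", "198.51.100.0/255.255.255.0", "192.168.1.20",
          "192.0.2.0/16", "office-vpn", "198.51.100.25"]


def audit_safelist(entries):
    """Parse entries (single IP, CIDR or netmask form); return (networks, findings)."""
    networks, findings = [], []
    for entry in entries:
        try:
            # strict=False normalises entries that have host bits set.
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            findings.append((entry, "invalid"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((entry, "too-broad"))
        elif net.version == 4 and any(net.subnet_of(r) for r in NON_PUBLIC_V4):
            # An internal address: the service sees your public egress IP instead.
            findings.append((entry, "non-public"))
        if any(net.subnet_of(o) for o in networks if o.version == net.version):
            findings.append((entry, "redundant"))
        networks.append(net)
    return networks, findings


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any parsed safelist entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, issues = audit_safelist(SAMPLE)
    for entry, reason in issues:
        print(f"{entry}: {reason}")
    print("198.51.100.77 allowed:", is_allowed("198.51.100.77", nets))
```

Run the same check against the public address your office or server actually egresses from, so that the safelist does not lock you out.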

Take immediate action if your account security has been compromised

Do the following if you come to suspect that someone has obtained access to your account:

  1. Change your password as soon as possible.

    Please note that changing the system password may take time.

    If you use Google Authenticator, reopen the app to receive a new 2FA code.

  2. Reset access permissions and check IP safelists.

    At least temporarily, assign the Read only or Withdrawals with approval role to all users who have access to compromised wallets. In this case, any further transactions on these wallets may only take place after your approval.

    In addition, restrict access to the B2BinPay user interface by removing non-trusted IPs from the safelist.

  3. Immediately inform your account manager and follow the provided instructions.