🛡️Security
PayLux runs on a multi-layered security system designed to safeguard users, stop fraud before it happens, and keep real-money transactions safe. Here’s what’s working behind the curtain.
1. PIN Security System
Every user sets a private 4-digit PIN before accessing financial features.
How it protects you:
Required for subscriptions, purchases, transfers, and withdrawals
Never stored in plain text
Hashed with salted bcrypt
Failed attempts fully logged
PIN resets require verifying your current PIN
No backdoor access, not even for admins
2. 7-Day Fraud Protection Hold
New accounts must wait 7 days before withdrawing purchased points.
How it protects you:
Blocks “buy, transfer, withdraw, chargeback” fraud
Gives PayPal time to verify payments
Transfers between users are still immediate
Only withdrawals are affected
After 7 days, the restriction is permanently lifted
Protects the community from chargeback losses
3. Dual Balance System
Users have Total Balance and Available Balance.
How it protects you:
Total Balance shows everything you own
Available Balance shows what can be withdrawn
Removes confusion about withdrawal eligibility
Fraud holds are fully transparent
Automatic release from Total to Available after 7 days
4. Advanced Chargeback Recovery
The system responds instantly to fraudulent chargebacks.
How it protects you:
Tracks points through every transfer
Recovers fraudulent points from all recipients
Auto-bans users who initiate fraudulent chargebacks
Works even after multiple transfers
Recovers proportional amounts across accounts
Full audit documentation
All affected users are notified
5. PayPal Webhook Security
Every PayPal notification is verified before being processed.
How it protects you:
Cryptographic signature validation
Timestamp checks to block outdated events
Replay attack prevention
Strict rate limits to block spam
HTTPS/TLS mandatory
Multi-layer authentication
Suspicious requests automatically rejected
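The signature, timestamp and replay checks listed above can be combined in one verifier. This is an added example, not PayLux's code: it assumes an HMAC-SHA256 shared secret standing in for the payment provider's signature scheme, a 300-second freshness window, and hypothetical names (`WebhookVerifier`, `event_id`); the payload and timestamps are constructed.

```python
import hashlib
import hmac
import time


class WebhookVerifier:
    """Signature, freshness and replay checks for incoming webhook events."""

    def __init__(self, secret: bytes, max_skew: int = 300):
        self._secret = secret        # shared secret (assumption: HMAC stand-in)
        self._max_skew = max_skew    # assumed freshness window, in seconds
        self._seen = {}              # event_id -> time after which it is stale

    def sign(self, event_id: str, timestamp: int, body: bytes) -> str:
        # Length-prefix each field so field boundaries cannot be shifted,
        # and bind id and timestamp into the MAC along with the body.
        parts = [event_id.encode(), str(timestamp).encode(), body]
        msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def verify(self, event_id, timestamp, body, signature, now=None) -> str:
        now = int(time.time()) if now is None else now
        expected = self.sign(event_id, timestamp, body)
        # Constant-time comparison; authenticate before touching any state.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        if abs(now - timestamp) > self._max_skew:
            return "stale"
        # Ids older than the window fail the freshness check anyway: drop them.
        self._seen = {k: v for k, v in self._seen.items() if v >= now}
        if event_id in self._seen:
            return "replay"
        self._seen[event_id] = timestamp + self._max_skew
        return "ok"


def demo():
    v = WebhookVerifier(b"constructed-test-secret")
    t0 = 1_700_000_000                                    # constructed timestamp
    body = b'{"event":"payment.completed","points":500}'  # constructed payload
    sig = v.sign("evt-1", t0, body)
    return [
        v.verify("evt-1", t0, body, sig, now=t0 + 10),   # first delivery
        v.verify("evt-1", t0, body, sig, now=t0 + 20),   # same event again
        v.verify("evt-1", t0, body.replace(b"500", b"5000"), sig, now=t0 + 20),
        v.verify("evt-2", t0, body, v.sign("evt-2", t0, body), now=t0 + 301),
    ]


if __name__ == "__main__":
    print(demo())
```

Event ids are recorded only after the signature and freshness checks pass, so unauthenticated requests cannot fill the replay cache or block a legitimate event id.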
6. Complete Audit Trails
Every action is logged permanently.
How it protects you:
Full history for every user
Timestamps, amounts, recipients preserved
Admin actions included
Chargeback incidents documented
System errors tracked with unique IDs
Logs cannot be altered or deleted
Used for resolving disputes and spotting fraud patterns
7. Automated Fraud Detection
The system constantly monitors abnormal behaviour.
How it protects you:
Detects rapid transfers and suspicious amounts
Watches for new-account abuse
Flags coordinated activity
Real-time alerts
Automatic temporary restrictions when needed
Triggers manual review for unusual cases
8. Database Security
Your data stays locked down from end to end.
How it protects you:
Encrypted database connections
Sensitive data encrypted at rest
Secure connection pooling
Automated backups
Strictly limited admin access
Query sanitization to stop injection attacks
Geographic redundancy for disaster recovery
9. Rate Limiting & Anti-Abuse
Stops spamming, botting, and brute-force attacks.
How it protects you:
Cooldowns on all commands
Transfer limits based on subscription tier
Purchase and withdrawal caps
Webhook rate limiting
Failed PIN attempts tracked
Temporary lockouts for suspicious activity
Brute-force protection everywhere
10. Real-Time Monitoring & Alerts
The team is notified instantly when something goes wrong.
How it protects you:
Error tracking with IDs
System health checks
Chargeback alerts
Unusual activity alerts
Performance tracking
Immediate response to security incidents
24/7 automated monitoring during beta
Layered Defence in Action
These systems overlap intentionally. If one layer fails, the next one catches the threat.
Example fraud attempt: Buy → Transfer → Withdraw → Chargeback
What actually happens:
The 7-day hold blocks the withdrawal
Chargeback recovery traces and removes the fraudulent points
Offending user is permanently banned
Audit trail preserved
All affected users notified
This is why PayLux can confidently support real-money transactions, even in beta. The security is already production-grade.