Security starts with identity
LuxPay protects accounts through layers: verified contact, a strong sign-in method, a known device, a bounded session, and additional verification for sensitive operations. Protection does not depend on one secret that can be stolen.
User practices
- Use a unique password and a password manager when possible.
- Enable biometrics after a trusted sign-in on your device.
- Never share a verification code, even with someone claiming to be support.
- Review new sign-in and device notifications.
- Close unfamiliar sessions and change credentials when suspicious.
- Type the LuxPay address or use the official app instead of message links.
Sensitive operations
LuxPay can request step-up verification for a new device, account recovery, higher limits, or a high-value refund. This does not mean the session failed; it means the decision requires more trust than the current session provides.
What support will not request
Support does not need your password, complete verification code, or secret key. It can use a safe reference and limited identifying information to locate the case.
If a device is lost, continue to Trusted devices. For safe escalation, read Support escalation.