Security in your store

Last updated

Customers leave some of their most sensitive information in your online store: their names, addresses, and credit card details. That’s why it is necessary to be sure that all of the data in your store is processed in a completely secure way and can’t be accessed by violators. Find out what we do to protect your customers’ data.

In this article:

Stores always run via HTTPS

Online store is always launched using an HTTPS connection. You can always verify this by inspecting the Network session of your store.

In order to indicate that the checkout is secure, store shows a padlock image on the checkout page.

padlock.png

If you installed store on your own website, remember to take care of the site’s security. Whether you do it or not, your store will stay secure anyway, but it is best to protect the site itself as well.
 

Online store doesn’t collect credit card information

Your store in particular doesn’t deal with your customers’ credit card information. We don’t collect, store or process such data in any way.

Instead, we support a number of popular payment gateways that process your customers payment information. All of these payment processors can be divided into two groups based on the way theyinteract.

Payments on the payment processor’s secure page

When a customer places an order, Online store sends the order information to the payment processor and then redirects the customer securely to the payment gateway’s website page where they enter their credit card information. When the payment is done, the payment processor sends a reply (callback) containing the payment status to store.

So, a customer’s payment information is processed on the payment processor side using a secure protocol.

Payments completed without leaving the store page

Some payment processors (Stripe, Square, etc.) are integrated with Online store quite differently.

When these payment processors are used in a store, customers are not redirected to the payment processor page. They see the payment form right on the checkout page of the store.

In this case store works within a customer’s browser. Meaning when a customer enters their credit card information, the data is not transferred to the server where your website or store is located. Store connects directly to the payment gateway via a highly secure channel and sends a request with the order information. This information is not transferred to our servers, and is not stored or collected by us. The payment gateway performs all the necessary operations with this data and returns a callback with the payment status to the store.

This solution was verified and approved by Qualified Security Assessor (QSA).

Online store is PCI DSS certified

PCI DSS stands for Payment Card Industry Data Security Standard, and Online store is PCI DSS validated Level 1 Service Provider which is the highest international standard for secure data exchanges for online stores and payment systems. This standard was created by Visa, MasterCard, AmEx, Discover and JCB and online stores must comply with it to be able to accept credit cards.

Online store uses secure hosting

All the data in your store — products, customers, general information — is stored with Online store, so we totally take care of it. We regularly check our system with security scanners, update the software and create backups of your stores. We keep the data on a secure hosting server — Amazon Web Services, the most reliable and secure solution.