Data Security for the BOOKSTORE
About Our Online Store - The TSI STORE does not handle customers' credit card information. Ecwid does not collect, store, or process data in any way. Instead, Ecwid supports several popular payment gateways. They can be divided into two main groups based on their interaction with Ecwid.
Ecwid is PCI DSS certified and a validated Level 1 Service Provider, the gold standard for e-commerce solutions worldwide.
Payments on the payment processor's secure page - When a customer goes through checkout, Ecwid sends the order information to the payment processor and then redirects the customer securely to the payment gateway's website page (PayPal), where they enter their credit card information. When the payment is complete, the processor sends a callback containing payment status information to Ecwid. A customer's payment information is therefore processed entirely on the payment processor's side using a secure protocol and is not stored or collected by Ecwid in any way.
Technologies Overview
HTTPS (Hypertext Transfer Protocol Secure) - a protocol for secure communication over a computer network, with extensive deployment on the Internet. HTTPS provides authentication of the website and associated web server that one is communicating with, which protects against man-in-the-middle attacks.
Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
Implementing HTTPS for a website requires purchasing an SSL certificate and installing it on the website's hosting side. Once it is in place, the website can be accessed over an HTTPS connection, and visitors will see the padlock sign in their browsers and be able to check the SSL certificate information.
PCI DSS Compliance - The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by the credit card brands Visa, MasterCard, American Express, Discover, and JCB. The measures aim to protect all cardholders and apply to all organizations (online or offline) that process or deal with credit cards. Simply put, when a company wants to work with credit cards, it must certify that all its processes meet these standards. Usually, these are companies like payment processors (e.g., PayPal, Stripe, Authorize.net), banks, and e-commerce solutions that process credit cards.