Data Security For Our Store
Most of the following information was copied from the Ecwid website.
About Our Online Store and Its Host - Ecwid and The TSI STORE do not deal with customers’ credit card information. Ecwid does not collect, store or process data in any way. Instead, Ecwid supports a number of popular payment gateways. All of them can be divided into two main groups based on the way they interact with Ecwid.
Ecwid is PCI DSS Certified - and is a validated Level 1 Service Provider, which is the gold standard for e-commerce solutions worldwide.
Payments on the payment processor’s secure page - when a customer goes through checkout, Ecwid sends the order information to the payment processor and then redirects the customer securely to the payment gateway’s website page (PayPal), where he or she enters their credit card information. When the payment is done, the payment processor sends a callback containing payment status information to Ecwid. So, a customer’s payment information is processed completely on the payment processor side using a secure protocol and is not stored or collected by Ecwid in any way.
Technologies Overview
HTTPS (Hypertext Transfer Protocol Secure) - a protocol for secure communication over a computer network, with especially wide deployment on the Internet. HTTPS provides authentication of the website and associated web server that one is communicating with, which protects against man-in-the-middle attacks.
Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and against tampering with or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
Implementing HTTPS for a website requires purchasing an SSL certificate, which is installed on the website hosting side. Once it is in place, the website can be accessed over an HTTPS connection, and visitors will see the padlock sign in their browsers and will be able to check the SSL certificate information.
PCI DSS Compliance - the Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by the Visa, MasterCard, American Express, Discover and JCB credit card brands. The standards aim at protecting all card holders and apply to all organizations (be it online or offline) that process or deal with credit cards. To put it simply, when a company wants to work with credit cards, it has to certify that all its processes meet these standards. Usually these are companies like payment processors (e.g., PayPal, Stripe, Authorize.net, etc.), banks, and e-commerce solutions that process credit cards.
More info: https://www.pcisecuritystandards.org/security_standards/