What are the system's security settings?
The system is secured due to a collective SSL license – meaning that every site is automatically granted with the use of the SSL. No specific purchase of modification is needed, as the virtual store interface is secured in advance.
Please notice that the system only protects the store interface – it is impossible to use the SSL features for any other tools.
How does the security work?
During the purchase process, customer's data is recorded. Whenever the site owner allows the use of credit cards as means of payment (both offline and online), the payment process will include inputting credit card information. If online charging is enabled, the data will be automatically sent to the charging company, otherwise the information will be stored in a secure area within the system.
Due to the fact that the store interface is located on a different, secure server that is not part of the system itself, virtual store pages are relatively limited for making changes. These pages must be static and non-flexible in order to meet the strict demands of credit card companies.
Note that the system will gather most data possible, even if the order is incomplete. For example, if the user has closed the browser window for whatever reason and haven't completed their order, the system will still allow you to see whatever data they have managed to input – allowing you to contact them later.
How would I know the security is on?
There are two basic ways of telling a page is secured: you can see “HTTPS” in the address bar and a lock icon somewhere in the browser.
It is important to notice that a page is really secure when there's no way of accessing it via other protocols – meaning that HTTP access won't work.
HTTPS access when browsing:
The lock icon in Internet Explorer 8, next to the address bar:
The lock icon in Mozilla Firefox 3.5, in the status bar of the window:
According to credit card companies' demand, the security is enabled in the credit-card-related pages only, the shipping address and contact details are not.
Please note that the system currently does not provide a built-in lock icon for pages. Feel free to look around the web for free-to-use lock signs or even design your own one. A common place for these icons is the site menu, using the “free code” tool.
What are the technical specifications of the encryption key?
The key is a “Class2” security key, 1024-bit-long. It is being issued by “GoDaddy”automatically to our system, so there's no need to worry about its expiration. Secure pages can only be accessed via HTTPS, meeting the security standards.
