Website Security Tips

 
All IndieCommerce sites are PCI Compliant, and credit card information is safely encrypted using an SSL Certificate.  No credit card data is ever stored on our servers, and is instead  stored securely by one of the most trusted payment gateways on the web, Authorize.net.
 
That said, from time to time, stores might unknowingly engage in activity that can endanger their PCI Compliance. Please follow these tips to help ensure the security and compliance of your site.  

• Never collect credit card information outside of your secure checkout pages.  Do not ask for credit card information in a webform or via email. This can lead to severe fines.
• Avoid placing insecure content on your site.
• Use separate accounts for each store employee, and remove access if an employee has left.  Store roles can be added or removed by going to User Management > Store Roles.  For more information click here.
• Ask administrators to change their passwords once every 6 months.
• Make sure that Store Administrators log off of their IndieCommerce site when leaving a computer.

 
Terminology

SSL Certificate: SSL, or Secure Sockets Layer, is a protocol designed to enable applications to transmit information back and forth securely. Your SSL Certificate makes sure that all of your customer data, including credit card information, is transmitted securely.

PCI Compliance (PCI DSS): Short for Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS is a standard that all organizations, including online retailers, must follow on sites that  store, process, or transmit their customer's credit card data.