eCommerce Security and Compliance

Security and Payment Card Industry (PCI) Compliance should be a priority for all online retailers.


Magento is still ranking as one of the most popular eCommerce platforms in the world. Unfortunately, this means cyber criminals who want to steal customer data and credit card information will try and attack Magento and other big platforms.


The good news is there are several steps that vastly reduce your potential exposure, and this is where we can really take the pressure off. When Magento releases a security patch, your PCI Self Certification compliance agreement requires that it is applied within one month of its release date.

Magento also regularly supplies ‘patch releases’, which are core application upgrades that include security, performance, and high-priority fixes. Each release has an end-of-life date after which it is no longer supported, so site admins need to know whether the version of Magento they are running is still supported and therefore compliant.

Our dedicated support team will make sure you’re always up to date on the latest releases.


Magento 2 now comes as standard with two-factor authentication (2FA) built into the admin and we strongly advise all businesses ensure this is enabled. Where possible, we also advise restricting the admin URL via IP address so only designated admins can access it.
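One way to apply the IP restriction described above, as an added example that is not part of the original page: an nginx fragment, placed inside the server block used with Magento's nginx.conf.sample, that lets only trusted addresses reach the admin route. The admin path `admin_xyz` and the two addresses are assumptions; Magento takes the real path from `backend/frontName` in `app/etc/env.php`.

```nginx
# Added example (not from the original page). Assumptions: the admin path is
# "admin_xyz" (Magento reads it from backend/frontName in app/etc/env.php), and
# 203.0.113.10 and 198.51.100.0/24 stand in for your admins' office addresses.
# Match both /admin_xyz/... and /index.php/admin_xyz/..., because Magento
# resolves the admin route from either form of the URL.
location ~ ^/(index\.php/)?admin_xyz(/|$) {
    # Trusted admin addresses (constructed sample values)
    allow 203.0.113.10;
    allow 198.51.100.0/24;

    # Everyone else receives a 403 in nginx's access phase, before the
    # request is ever handed to PHP or Magento's login form.
    deny all;

    # Trusted clients continue to Magento's front controller exactly as
    # the default "location /" in nginx.conf.sample does.
    try_files $uri $uri/ /index.php$is_args$args;
}

# If the site sits behind Cloudflare (as the page recommends), nginx sees
# Cloudflare's addresses unless the realip module restores the visitor IP,
# e.g. set_real_ip_from <Cloudflare range>; real_ip_header CF-Connecting-IP;
# Without that, the allow list above would never match a real admin.
```

Check the result from an untrusted address: a request to the admin path should return 403, while the storefront stays reachable.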


We recommend several third-party services that specialise in security and compliance, so you can feel confident you have done everything you can to minimise your risk and exposure.

Cloudflare offers both a web application firewall (WAF) and a content delivery network (CDN), which helps to improve speed. The firewall adds an extra layer of security in front of your server, helps to reduce spam traffic, and makes brute-force attacks on your site much harder. This may block a ‘bot’ outright or at least slow down a potential attacker, so they are more likely to move on to a less protected target.

Sansec is another essential tool. It monitors your server in real time to detect any changes that might be suspicious and reports them back, so a potential breach can be stopped before it becomes a bigger issue. It will also detect when software versions are outdated and in need of an upgrade.


We can also offer regular Penetration (PEN) testing to check your site is in good health.

PEN tests use the same software that is used for PCI compliance testing, and rigorously test the site and server for vulnerabilities.

PEN tests are included as standard in all our Magento projects. A test is run immediately before launch and then shortly afterwards, to make sure you are covered.


It is vital that you have the right consent to collect and analyse your customers’ behaviour on your eCommerce store.

To do this, cookies need to hold temporary information that can be used to track user actions. This allows you to measure performance and personalise customers' shopping experiences to help boost revenue and conversion rates.

To make sure you are covered, you should obtain customers’ consent to the use of cookies, whether that consent is implied or expressed.


GDPR should be a key consideration when building or maintaining an eCommerce store.

There are some features you need to include so you know you are doing the right thing for your customers and have the correct consent to use and hold their data. You also have an obligation to protect this information. The Information Commissioner’s Office (ICO) expects sites to be maintained and upgraded, and this could be reviewed should your site be compromised.



We partner with industry-leading hosting providers who put security at the forefront of their offerings. They also provide 24/7 support so you know you are covered at any time should there be an issue with your site. If you would like an introduction, please contact one of the team.

Our team are very experienced and happy to point you in the right direction should you need assistance in these key areas.


Contact us to find out how we can help you increase traffic and drive sales.

Please get in touch for a no obligation, highly accurate estimate and timeline for a new Magento or Shopify eCommerce site.
