Security and Payment Card Industry (PCI) Compliance should be a priority for all online retailers.
The good news is there are several steps that vastly reduce your potential exposure, and this is where we can really take the pressure off. When Magento releases a security patch as part of your Self Certification PCI compliance agreement to make sure this is applied within one month of its release date.
Magento also regularly supplies ‘patch releases’, which are core application upgrades that include security, performance, and high-priority fixes. These have an end-of-life deadline after which they are no longer supported, so it’s important site admins know whether the version of Magento they are running is compliant.
Our dedicated support team will make sure you’re always up to date on the latest releases.
Magento 2 now comes as standard with two-factor authentication (2FA) built into the admin and we strongly advise all businesses ensure this is enabled. Where possible, we also advise restricting the admin URL via IP address so only designated admins can access it.
Cloudflare offers both a web application firewall (WAF) and content delivery network (CDN), which helps to improve speed. The firewall adds an extra layer of security in front of your server, helps to reduce spam traffic, and prevents people from trying to brute force an attack on your site,. This may block a ‘bot’ or at least slow down a potential attacker, so they are more likely to move on to a less protected target.
Sansec is another essential tool which monitors your server in real-time to detect any changes which might be suspicious, and reports these back so any potential breach can be stopped before it becomes a bigger issue. It will also detect if software versions are outdated and in need of an upgrade.
PEN tests use the same software that is used for PCI compliance testing, and rigorously test the site and server for vulnerabilities.
PEN tests are included as standard in all our Magento projects. A test is run immediately before launch and then shortly afterwards, to make sure you are covered.
To do this, cookies need to hold temporary information, so it can be used to track user actions. This allows you to track performance and personalise customers' shopping experiences to help boost revenue and conversion rates.
There are some features that you need to include so you know you are doing the right thing for your customers, and that you have the correct consent to use and hold their data. You also have an obligation to make sure you are protecting this information. The Information Commissioner’s Office (ICO) expects sites to be maintained and upgraded. This could be reviewed should there be a compromise on your site.