Security in Ecwid

Customers offer some of their most sensitive information in your online store including their names, addresses, and credit card details. That’s why we put forward our best effort to process data in a completely secure manner. Find out what we do to protect your customers’ data.

Ecwid stores always run via HTTPS

Ecwid is always launched using an HTTPS connection. You can always verify this by inspecting your store’s network sessions. To confirm checkout is secure, Ecwid displays a padlock image on the checkout page:

The Padlock icon shows that the connection is secure

Whether you use Wix, WordPress, or any other web presence, remember to take care of your site’s security. This will not affect the security of your online store, but it’s best to be secure across your domain.

Ecwid doesn’t collect credit card information

Ecwid does not actually handle your customers’ credit card information. In fact, we don’t collect, store, or process such data in any way. Rather, Ecwid supports a number of popular payment gateways that process your customers’ payment information. These payment processors can be divided into two groups based on the way they interact with Ecwid.

Payments on the payment processor’s secure page

When a customer places an order, Ecwid sends the order information to the payment processor and securely redirects the customer to the payment gateway’s web page where they enter their credit card information. When payment is complete, the payment processor sends a reply (callback) confirming payment to Ecwid.

The customer’s payment information is processed by the payment processor using a secure protocol.

Payments completed without leaving the store page 

Some payment processors (Stripe, Square, etc.) are integrated with Ecwid quite differently.

With these payment processors, customers are not redirected. Instead, they see a payment form right on the store’s checkout page.

In this case Ecwid works within a customer’s browser. This way, when a customer enters their credit card information, the data is not transferred to the server where your website or store is located. Ecwid connects directly to the payment gateway via a highly secure channel and sends a request with the order information. This information is not transferred to Ecwid servers, does not pass through, and is not stored by us. The payment gateway performs all operations with this data and returns a callback confirming payment to Ecwid.

This solution was verified and approved by a Qualified Security Assessor (QSA).

Ecwid is PCI DSS certified

PCI DSS stands for Payment Card Industry Data Security Standard, and Ecwid is a PCI DSS validated Level 1 Service Provider. This is the highest international standard for secure data exchanges for online stores and payment systems.

See Ecwid’s Attestation of Compliance with PCI DSS for Level 1 Service Providers.

Ecwid uses secure hosting

All data in your Ecwid store — products, customers, general information — is stored with Ecwid. We regularly scan Ecwid for breaches and protect this information with software updates and backups of your stores’ information. We store our data on Amazon Web Services — the most reliable and secure hosting solution.
