Customer Data Security in Ecwid

Last updated

When you launch your online store, security becomes a topical question. Online stores are a major target for hackers and fraudsters. It’s not surprising because e-commerce sites are the points where people leave their most sensitive information: their names, addresses and credit card details.

That’s why it’s necessary to be sure that all the data in your store is processed in a completely secure way and can’t be accessed by violators. 

In Ecwid your customers’ information is completely safe. Here you will find out what we do to protect your customers’ data.

Ecwid stores always run via HTTPS

Regardless of whether or not you have an SSL certificate for your site, it’s important to know that Ecwid is always launched using an HTTPS connection. You can always verify this by inspecting the Network session of your store.

In order to indicate that the checkout is secure, Ecwid shows a padlock image on the checkout page.


If your store is added to a website that uses HTTP connection (without 'S'), browsers will still show that the website is not secure. You need to have your whole website run via HTTPS so that browsers marked it as secure.

The Chrome browser now marks all HTTP websites as not secure.

To get ready for this change check this article in our Help Center: How to show that the store is secure?

Ecwid doesn’t collect credit card information

Ecwid itself and your store in particular doesn’t deal with your customers’ credit card information. Ecwid doesn’t collect, store or process such data in any way.

Instead of that Ecwid supports a number of popular payment gateways. All of them can be divided into two main groups based on the way they interact with Ecwid.

Payments on the payment processor’s secure page

When a customer goes through checkout, Ecwid sends the order information to the payment processor and then redirects the customer securely to the payment gateway’s website page — this is, where they specify their credit card information. When the payment is done, the payment processor sends a reply (callback) containing payment status information to Ecwid.

So, a customer’s payment information is processed completely on the payment processor side using a secure protocol and isn’t stored or collected by Ecwid in any way. If you setup the payment method in your Ecwid store, this provides a redirect from the store to payment page (for example, PayPal). Such a page uses HTTPS, so your customers can feel confident about the security of their information.

Payments completed without leaving a store 

Some payment processors (e.g. Stripe, Square, etc.) are integrated with Ecwid quite differently.

After adding shipping information to their order, customers are not redirected to the payment processor page, but instead they see the payment form right on the checkout page of the store.

In this case Ecwid is working within a customer’s browser (i.e. payment information is not stored on the server where the site resides). It means that when a customer inputs their credit card information, the data is not transferred to the server where your website is stored. Ecwid connects straight to the payment gateway via a highly secure channel and sends a request with the data for the order. This information is not transferred to Ecwid servers, and is not stored or collected by us. The payment gateway performs all the necessary operations with this data and returns a callback to Ecwid.

This solution was verified and approved by a Qualified Security Assessor (QSA) company.

Ecwid is integrated only with reliable payment gateways

We care about your security. That is why Ecwid is integrated only with secure reliable payment gateways, which use AVS check and other verification technologies to avoid fraudulent payments and guarantee the safety of sensitive information.

Check the full list of online payment options available in Ecwid.

Ecwid is PCI DSS certified

PCI DSS stands for Payment Card Industry Data Security Standard and Ecwid is PCI DSS validated Level 1 Service Provider which is the gold standard for e-commerce solutions worldwide. 

The security of your customers’ data is a crucial question you should care about when running your online store. Using Ecwid, you can seamlessly comply with the security requirements without any additional efforts. All sensitive information is always transmitted via secure HTTPS channel. We don’t store sensitive data on our servers. We support only reliable payment gateways which guarantee the security of transactions.

We take care of your customers’ data security concerns so that you could focus on your business.

Was this article helpful?
8 out of 13 found this helpful
Get help
  • Forums

    Join the Ecwid community. Discuss support topics and store ideas with other Ecwid users.

  • Contact us

    Still have questions about Ecwid? Let us know! We will be glad to help you with your Ecwid store.

  • Status Monitor

    Get real time status updates on Ecwid services here, 24/7