Knowledge base
Video tutorials
Try searching for:
Recently viewed articles:

Table of contents

Security in Ecwid

Customers share some of their most sensitive information in your online store including their names, addresses, and credit card details. That’s why we put forward our best effort to process data in a completely secure manner. Find out what we do to protect your customers’ data.

If you see a warning "Your store runs on an insecure HTTP site" in your Ecwid Control Panel, there are a few things you can do to resolve it.

Ecwid stores always run via HTTPS

Ecwid is always launched using an HTTPS connection. You can always verify this by inspecting your store’s network sessions. To indicate checkout is secure, Ecwid shows a message on the checkout page:

Security message on checkout

Whether you use Wix, WordPress, or any other web presence, remember to take care of your site’s security. This will not affect the security of your online store, but it’s best to be secure across your domain.

Ecwid doesn’t collect credit card information

Ecwid does not actually handle your customers’ credit card information. In fact, we don’t collect, store, or process such data in any way. Rather, Ecwid supports a number of popular payment gateways that process your customers' payment information. These payment processors can be divided into two groups based on the way they interact with Ecwid.

Payments on the payment processor’s secure page

When a customer places an order, Ecwid sends the order information to the payment processor and securely redirects the customer to the payment gateway’s web page where they enter their credit card information. When payment is complete, the payment processor sends a reply (callback) confirming payment to Ecwid.

Payments completed without leaving the store page 

Some payment processors (Lightspeed Payments, Stripe, Square, etc.) are integrated with Ecwid differently. With these payment processors, customers are not redirected. Instead, they see a payment form right on the store’s checkout page.

In this case, Ecwid works within a customer’s browser. This way, when a customer enters their credit card information, the data is not transferred to the server where your website or store is located. Ecwid connects directly to the payment gateway via a highly secure channel and sends a request with the order information. This information is not transferred to Ecwid servers, does not pass through, and is not stored by us. The payment gateway performs all operations with this data and returns a callback confirming payment to Ecwid.

This solution was verified and approved by Qualified Security Assessor (QSA).

Ecwid is PCI DSS certified

PCI DSS stands for Payment Card Industry Data Security Standard, and Ecwid is a PCI DSS validated Level 1 Service Provider. This is the highest international standard for secure data exchanges for online stores and payment systems.

See Ecwid’s Attestation of Compliance with PCI DSS for Level 1 Service Providers.

Ecwid uses secure hosting

All data in your Ecwid store — products, customers, general information — is stored with Ecwid. We regularly scan Ecwid for breaches and protect this information with software updates and backups of your stores’ information. We store our data on Amazon Web Services — the most reliable and secure hosting solution.

Was this article helpful?

Awesome! Thanks for your feedback!

Thanks for your feedback!

Sorry about that! What went wrong?
23 out of 29 found this helpful
We use cookies and similar technologies to remember your preferences, measure effectiveness of our campaigns, and analyze depersonalized data to improve performance of our site. By choosing «Accept», you consent to the use of cookies.
Accept cookies Decline