DD - Security

Hey everyone! Here today for another quick tech chat from the dev team. Today I’ll be breaking down a few of the layers of security we have for your website and what each of them does. When running a website that has personal data stored as well as the ability to process payments, security is really important.

The first line of defense for your website is SSL, or Secure Sockets Layer. In V5, this was an optional feature, but we’ve included it for every V6 site. SSL secures and encrypts the connection between a user’s browser and the website. Without SSL, when data is transferred between a browser and a website, it’s possible to intercept that data and steal it. This is why it’s unsafe to log in or enter credit card data on sites that don’t use SSL – sensitive data can easily be exposed and used maliciously. In addition, because the V6 platform relies so heavily on requests to our internal API, using SSL ensures that these requests are also encrypted.

Another crucial step that we take for security is to either hash or encrypt any sensitive data that we store on our servers. Hashing is a method of securing data – essentially, it makes the data unrecognizable in a way that cannot be undone. That means that if we store a hashed password, for instance, there’s no way to figure out the original password from the data that we store. This is great, because it means that even in the unlikely event of data being stolen, our clients’ hashed data wouldn’t be compromised. Encryption is a similar method, but can be reversed. Encryption is great for any sensitive data that we would need to be able to turn back into a readable format for clients to use. We have our own custom encryption system to ensure that the data is as difficult for hackers to decrypt as possible. Surprisingly, hashing and encrypting sensitive data isn’t as common as you may think – back when Equifax was hacked, for instance, it was found that they were storing important administrative credentials in plain text.

Finally, to ensure that your sales are as secure as possible, we’ve partnered with several companies to support our e-commerce implementation. As I’m sure many of you know, we support the fraud detection available from our checkout processors, as well as extra fraud and order protection from ClearSale. We see fraudulent orders come in pretty frequently, so making sure that you have a robust system to check for it is important if you plan to sell online.

There’s so much more I could talk about, but I’ll have to save that for a later date. Let me know any questions you have, and let me know if there are any other things you’d like to know about your website’s technology!