Security Details
ChainWeavers takes website security very seriously. By scheduling security scans on a daily basis, we have implemented protocols above and beyond those the credit card industry requires as a prerequisite for accepting major credit cards.
Many e-commerce sites are operating under a false sense of security and would like you to believe that a secure connection and use of a 3rd party payment processor for credit card sales fully protects your privacy and financial information.
That false sense of security is one of the primary reasons that the Payment Card Industry implemented the requirement for e-commerce sites that accept credit cards to have security scans at least once every three months. That being said, credit card theft is not the same as identity theft. Many credit card users hear reports of security breaches on well-recognized websites and instantly think “IDENTITY THEFT”. Most of these breaches, while serious, are only credit card theft issues. Yes, they are a pain to resolve, but resolution is relatively quick compared to repairing identity theft.
The short version:
ChainWeavers:
- Has its own SSL certificate (that’s what shows the padlock when you’re logging in and/or entering credit card information).
- Has DAILY security scans performed on the entire website, database, script files, email server, etc., by McAfee. The Payment Card Industry (PCI) requires scans to be conducted by an Approved Scanning Vendor (ASV) to rigorous standards on a quarterly basis. All known vulnerabilities are tested and must pass before a security certificate is issued.
- Monitors website application updates daily and implements security updates as soon as practical.
- Reviews website logs weekly to check for suspicious activity. Suspicious activity will be reported to software developers and McAfee for remedial action.
The longer version:
- Most internet users are familiar with the secure protocol. The https:// that precedes a website address indicates a secure connection. Also, the address bar shows a “Padlock” symbol for easy identification. Many e-commerce sites depend upon SSL certificates which are shared by every website stored on the particular server. This shared technology offers some degree of protection, but ChainWeavers goes the extra mile and purchases an SSL certificate that is functional on our website only. To enhance website speed, only those areas which involve personal or credit card data are transmitted through the secure server. The balance of the website is transmitted using standard protocols.
- We also use a 3rd party credit card processing gateway that conforms to the Payment Card Industry's security standards.
- When you hear about security breaches that involve large credit card companies, it is not because of an SSL technology failure; it is because someone has found a hole in the software not related to the security issues.
- There are also known security issues with some SSL protocols. ChainWeavers has those particular protocols disabled from use on our servers. Many e-commerce servers still have the older, outdated, less secure protocols enabled even though the protocol is not being used.
- There are several software applications that are interwoven to get our website on your screen. There is the database, which stores all the customer information, order information, product information, etc. There are the script files, which search the database for the proper data to use. There are the style sheets, which take care of the bulk formatting. Let’s not forget the HTML coding for the final touches. Over 2900 files located in over 280 folders are required to do this. The hacking world loves to attempt to exploit the database and script files. That’s where they try to insert malicious code which intercepts credit card data or diverts the customer to cleverly created sites around the world that are immune to prosecution. SSL technology is useless in these cases. Sometimes they just insert malicious code that contains viruses. This type of security breach is usually invisible to the customers and website owners and can be present for long periods of time before being discovered. Our quarterly security scans look for these types of issues. Suspicious activity in our website logs points to the areas where there may have been attempts to exploit unknown security issues. If this should occur, we immediately compare the website files to known ‘sterile’ copies and report the exploit to software developers & our approved scanning vendor so that the hole can be patched and scanned for future issues.
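The comparison of website files against known ‘sterile’ copies can be done by hashing both directory trees and listing what was added, removed or modified. This is an added example, not ChainWeavers' own code; the function names, file names and sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(sterile_root, live_root):
    """Return files added, removed or modified relative to the sterile copy."""
    clean, live = manifest(sterile_root), manifest(live_root)
    return {
        "added": sorted(live.keys() - clean.keys()),
        "removed": sorted(clean.keys() - live.keys()),
        "modified": sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f]),
    }


def demo():
    """Constructed sample: a sterile tree and a live tree with three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        sterile, live = Path(tmp, "sterile"), Path(tmp, "live")
        files = {
            "index.php": b"<?php render_home(); ?>",
            "includes/checkout.php": b"<?php process_order(); ?>",
            "css/style.css": b"body { margin: 0; }",
        }
        for root in (sterile, live):
            for name, data in files.items():
                path = root / name
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        # Simulated changes on the live copy only (constructed for the demo).
        (live / "includes/checkout.php").write_bytes(b"<?php process_order(); /* changed */ ?>")
        (live / "images").mkdir()
        (live / "images/cache.php").write_bytes(b"<?php /* unexpected file */ ?>")
        (live / "css/style.css").unlink()
        return compare(sterile, live)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

The sterile copy has to be stored where the web server cannot write to it, otherwise a change to the live files could also alter the baseline.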
Most consumers do not know that the Payment Card Industry REQUIRES ALL e-commerce websites that accept credit cards to pass quarterly scans. Currently, most small e-commerce sites do not follow the rules due to the cost of the scans and the cost to have the issues corrected. We use the same security scans that are used by Home Depot, The American Red Cross, NBC, Ace Hardware, Petco and many more major brands that you probably recognize. The only difference is that their sites are targeted much more intensely by hackers, and they have their sites scanned daily but don’t necessarily have anyone reviewing the server logs as we do at ChainWeavers. We have the scans conducted DAILY but do not purchase the special, spendy logo. If you ever want to see a copy of our quarterly certificate, please contact us and we'll be happy to email a copy for your viewing pleasure.