Tag Archives: security

Our Gift to You…

13 Oct

Freewebstore is delighted to announce a platform upgrade; we’re giving each and every one of our 500,000+ users an SSL – for free! Better still, you don’t even have to lift a finger!

A lil’ bit more information…

77% of consumers are worried that their personal information could end up in the wrong hands(Global Sign). Having an SSL enabled on your web store will instill buyers confidence and increase sales.

Here’s an example of what your customers will see without you having an SSL enabled:

unprotected

This is an example of what your customers will see with our free SSL feature:

secure

Is it for me?

If you’ve got a web store and want your customers to feel fully secure increasing shoppers confidence then yes, this is for you!

Why are we doing this?

1. Love. We love our store owners and we want to give you EVERY chance of success possible. 💙

2. Added security and buyers confidence. 77% of consumers are worried that atheir personal information could end up in the wrong hands. This feature will reassure your customers this is not the case!

3. Improve your SEO. Google is making changes to their algorithms and this will start to take HTTPS as a ranking signal and, if stores are not SSL protected, this could have an impact on where the store sits on the search engine.

When will I be able to claim my SSL?

Freewebstore started rolling out the SSL feature across the board and this will be available to all of our users.

 

 

Let’s Talk Security!

16 May
With the recent cyber attack that has hit numerous organizations in the UK, most noticeable the NHS, cyber security is on everyone’s lips. We briefly caught up with Simon, our security chief, to get some words of reassurance!

1. What kind of security measures do freewebstore take?

We monitor our systems, logs and firewalls constantly, scanning for malicious activity.  Automated systems are in place to block any bad actors, and do so regularly.  Keeping our store owners and their customers safe is the Security Team’s top priority.

 

2. Will the latest cyber attack impact our store owners?

Not at all.  Our servers use the latest operating systems and are kept fully patched.  We remain on High Alert for the time being though, just in case.

3. What can I, as a store owner, do to minimize an attack?

 As far as your store is concerned, you don’t need to do anything, that’s the beauty of freewebstore!  Leave the technical stuff to us, so you can focus on running your business. For the computers you use daily, I’d recommend that you keep them up to date with the latest patches (Windows Update, etc) and try to run the latest version of your operating System where possible – especially if it was released more than 5 years ago. You should also run a modern browser, such as Google Chrome or Mozilla Firefox, which automatically keep themselves up to date.

Phew! Thank’s, Simon…

A little bit more information on our store security can be seen below!

Are freewebstore PCI compliant?

 Yes. Security is of paramount importance to us and we take PCI compliance very seriously. Freewebstore undergoes annual assessments to validate our compliance. Continuous evaluation and risk assessment ensures that PCI compliance is at the heart of what we do.

We’ve partnered up with Braintree to provide a secure environment that goes above and beyond industry standards and guidelines:

Braintree – https://www.braintreepayments.com/developers/security

Prohibited Data Storage

We never store raw magnetic stripe, card validation code (CAV2, CID, CVC2, CVV2), or PIN block data.

Data Encryption

Cardholder data is stored using one of the most advanced encryption methods available. Multiple encryption keys are stored on different physical servers. A data thief would not be able to make use of information stolen from a database without also having the key. The data store where cardholder data is kept cannot be connected to via the internet.

Authentication and Session Management

All users have to authenticate each time they use the application and inactive sessions time out after 2 hours. Passwords are never stored directly in the database. In addition, all communication between merchants and us is conducted in a secure fashion using TLS (Transport Layer Security).

Penetration Testing

At least quarterly, automated vulnerability scans are conducted on our Card Data Environment. In addition, at least once a year we have extended external penetration testing conducted by outside sources.

Securing Access

Our network has been set up in a secure fashion with minimal access to outside networks. Only VPN access is allowed to our servers from whitelisted IPS.

If you want any more information on this please contact our team at support@freewebstore.com.