5 reasons why we love Shopify's Security
One of the great things about Shopify is that it's a hosted service. This means all the moving parts of your store live on Shopify's servers, which in turn means Shopify is responsible for providing a secure and stable environment upon which you can operate your online business.
Shopify has taken this responsibility very seriously and provides all its customers with enterprise-level finance and data security. Below is a list of the five main security benefits you can enjoy by default, without having to do a thing, when we build your store on Shopify.
1. PCI Compliance
The Shopify platform and network are PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) was founded by American Express, Discover, JCB, MasterCard and Visa in a joint venture to encourage companies to implement a standardised set of security measures to prevent fraud. Shopify is certified Level 1 PCI DSS compliant, which is the highest security compliance accolade that can be awarded to an ecommerce store. This means your Shopify store is Level 1 PCI DSS compliant. Congratulations!
2. Built-in Risk Analysis on all transactions
Fraudulent transactions are a reality of trading online. Shopify has been quick to accept this reality and has developed very effective analysis tools that are available to any store built on Shopify. Shopify's fraud analysis helps you identify orders that could be fraudulent. Identifying fraudulent orders can help you avoid chargebacks (a chargeback is when a customer asks their credit card company to cancel a payment). Fraudulent orders are extremely damaging to any ecommerce business. When a customer initiates a chargeback, you are charged a chargeback fee and run the risk of being suspended from processing payments by your payment processor. Shopify makes it simple to assess the risk of a suspicious order and will automatically cancel it if it deems it too risky. Shopify verifies the authenticity of each order by running some tests against a list of "indicators", including verifying the billing street address, verifying the customer's credit card details against the given billing address, and verifying if the credit card has been flagged for fraudulent orders in the past or if the card has been reported as stolen. Any order that comes into your store that seems suspicious will be placed on hold until you've had a chance to assess it and check with the customer.
3. A Free SSL cert on every store
An SSL certificate allows your website to communicate securely with your customers. A website with an SSL certificate properly installed displays a small padlock beside the URL entry field of the browser and ensures that the data sent between your store and the customer is encrypted. This ensures any data such as credit card numbers and login details such as usernames and passwords are 100% secure before being sent across the internet to their destination. This functionality is provided to all Shopify customers as soon as they create their store or assign a domain to a store already built on Shopify.
4. Brute-force and DDoS attack mitigation
A brute-force attack describes malicious activity on your website whereby an attacker tries a multitude (often millions) of user and password combinations to gain access to your store. A Distributed Denial of Service (DDoS) attack is when your website is overloaded with traffic from hundreds or thousands of other computers that have been instructed to visit your site with the aim of slowing it down or knocking it offline. Shopify mitigates both of these common attacks by having powerful web application firewalls in place that are supported by algorithms that recognise these kinds of attacks and block them before they can take hold.
5. Shopify has proactively responded to GDPR compliance
Shopify is a Canadian company but it has thousands of customers throughout the European Union. To that end, it has developed GDPR-compliant features that are built into the platform, including features to enable you to offer your customers transparency into and control over their personal data, as well as technical measures to ensure that your customers' personal data is protected at all times as it crosses borders.