The Most Secure E-commerce For WP

Cart66 Cloud is more than just PCI compliant; it is the most secure solution for WordPress e-commerce available. This article explains why Cart66 Cloud is more secure and better than the common approaches to security used by popular payment gateways, and how you can still use whatever gateway you want while taking advantage of the security that Cart66 Cloud provides.

There are four popular ways that payment gateways and WordPress plugins try to help you with security and PCI compliance. There are plenty of gray areas regarding PCI compliance, and after receiving counsel from multiple PCI compliance auditors and Qualified Security Assessors, it is not clear that all of the common approaches are, in fact, PCI compliant. Even if the common approaches are PCI compliant, Cart66 Cloud is the most secure solution available.

The Four Common Approaches To Security

The common approaches to helping you achieve a secure and PCI compliant e-commerce site are:

Transparent redirect: The HTML form tag's action attribute submits data directly to your payment gateway rather than to your WordPress website. This is not very secure, because all a hacker has to do is change the action attribute of the form on your WordPress checkout page and point it to their server. Once that happens, all your customers are sending their credit card data to the bad guys.

JavaScript: The checkout form is hosted on your site and the data is submitted to your payment gateway using JavaScript, bypassing your WordPress website. This is not any more secure than transparent redirect; you are just using JavaScript to send the data. A hacker could just place a JavaScript file on your site and override where the data gets sent. So rather than going to the payment gateway, it goes to the bad guys.

iFrame checkout form: The checkout form is physically hosted on your payment gateway's secure server and embedded into your site using an iFrame. The data is submitted directly to your payment gateway, not to your WordPress site. This sounds like it could be more secure than transparent redirect or the JavaScript approach, but it really isn't. All a hacker has to do is break into your WordPress website and change the source of the iFrame so that rather than referencing your payment gateway's server it pulls in a form from the hacker's server.

Hosted checkout page: Your customer is directed to a page hosted entirely with your payment gateway. You have very little or no control over the page design, so your checkout page doesn't look anything like your website. Your customer enters their billing information and it goes directly to the payment gateway, bypassing your WordPress website. The hosted checkout page approach is the most secure because everything is hosted on a secure server. But a hacker could build their own page that looks just like your hosted checkout page. Then all the hacker has to do is break into your WordPress website and change your site to redirect people to the fake hosted checkout page rather than the one your payment gateway provides.
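
The first three approaches above fail the same way: markup served from the WordPress site decides where card data goes. As an added example (not code from Cart66 or the original article), this Python check parses a fetched checkout page and reports any form action, iFrame source or script source that is not HTTPS or not on an allowlist; the host names and sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that decide where card data is sent or what code is loaded.
WATCHED = {"form": "action", "iframe": "src", "script": "src"}


class _EndpointCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.endpoints = []  # (tag, raw attribute value)

    def handle_starttag(self, tag, attrs):
        attr = WATCHED.get(tag)  # HTMLParser lowercases tag and attribute names
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value is not None:
            self.endpoints.append((tag, value))


def audit_checkout(html, page_url, allowed_hosts):
    """Return (tag, resolved_url, reason) for each endpoint that fails the check."""
    collector = _EndpointCollector()
    collector.feed(html)
    findings = []
    for tag, raw in collector.endpoints:
        url = urljoin(page_url, raw.strip())  # resolve relative and // references
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((tag, url, "not https"))
        elif parts.hostname not in allowed_hosts:  # exact match, no suffix matching
            findings.append((tag, url, "unexpected host"))
    return findings


# Constructed sample pages; every host name here is a placeholder.
ALLOWED = {"shop.example", "gateway.example"}
PAGE = "https://shop.example/checkout/"
CLEAN = """<form action="https://gateway.example/pay" method="post"></form>
<iframe src="https://gateway.example/form"></iframe>
<script src="/wp-includes/js/jquery.js"></script>"""
TAMPERED = CLEAN.replace("https://gateway.example/pay",
                         "https://gateway.example.other.test/pay")
TAMPERED += '\n<script src="//cdn.other.test/x.js"></script>'

if __name__ == "__main__":
    for finding in audit_checkout(TAMPERED, PAGE, ALLOWED):
        print(finding)
```

The check only sees markup as served, so it does not cover inline scripts or changes made to an allowlisted script file, and it is best run from a machine other than the WordPress host.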

Why Cart66 Cloud Is Even More Secure

Out of all of the above options, Cart66 Cloud is most similar to the hosted checkout page approach, but it goes far beyond just providing a hosted checkout page. In addition to securing the checkout page itself, Cart66 Cloud also:

  • Secures customers' shopping carts
  • Secures product information (names, prices, variations, etc.)
  • Secures all coupon codes
  • Secures all customer data, orders and order history
  • Securely hosts and delivers all files for digital products

So, even in a worst-case scenario, if a hacker breaks into your WordPress website and manages to redirect customers to a fraudulent hosted checkout page, the fake checkout page would know nothing about what was in your customer's shopping cart, what the correct prices for the items should be, what your coupon codes are, etc.

The Most Customizable And The Most Secure

Cart66 Cloud lets you skin your secure checkout page with your WordPress theme so that it looks exactly like the rest of your WordPress site even though it is hosted on the Cart66 Cloud. In addition to providing the most customizable hosted checkout page, Cart66 Cloud secures much more than just your checkout page, making it more secure than any of the popular techniques for securing your WordPress e-commerce site.