One of the great things about Cart66 Cloud is that it provides all the security you need for a safe and PCI compliant WordPress store without you having to do anything. You don’t even need your own SSL certificate. All the sensitive data is collected, and transmitted from your slice of our ultra secure cloud.
Let’s take a closer look at:
- How Cart66 Cloud provides security and PCI compliance
- Why you get a custom subdomain for your secure checkout page
- How SSL certificates work
- Examples of secure checkout pages on real, live sites
Custom Subdomains
Cart66 Cloud comes with your own custom subdomain to access your checkout page running on the ultra secure and PCI compliant cloud servers. Your checkout URL will look like: https://custom-name.cart66.com
Why Use Subdomains?
There are two reasons Cart66 Cloud uses subdomains to secure your checkout page.
- To provide a secure and PCI Compliant server
- To provide an SSL certificate for your secure checkout page
PCI Compliant Server
The checkout page collects and transmits credit card data and, therefore, needs to run on a PCI compliant server. You can read more about what it means to be PCI compliant here.
WordPress sites, by the nature of how they work and how they are hosted are not PCI compliant, even if you have your own SSL certificate. Even if your WordPress website doesn’t store credit card data, all it has to do is transmit credit card data (like sending the card data to your payment gateway) and your website will have to comply with all of the requirements for PCI compliance. A few of the requirements for PCI compliance that virtually all websites fail include:
- (Section 1.3) You have to have a completely isolated database. That means your database must run on it’s own physical server and can only be accessible by a Virtual Private Network (VPN)
- (Section 2.3) You can’t allow FTP access because it is a form of unencrypted access to your server
- (Section 6.1) You have to have control over how often security patches and updates get installed on your server.
There are other requirements as well such as two factor authentication, and quarterly security scans that virtually no WordPress website have.
For the reasons above, you cannot have the checkout page on your own web server.
How SSL Certificates Work
An SSL certificate does two things.
- It verifies that ownership of the domain name
- It encrypts the communication between your web browser and the web server
When you purchase an SSL certificate, the company issuing the certificate has to verify the ownership of the domain name so that you can trust that the site you are on is actually owned by the company you think you are working with. There is a process that you have to go through to prove the ownership of the domain name.
You cannot get an SSL certificate for a subdomain if you don’t own the main domain name too.
The bottom line is, we can’t provide an SSL certificate for a domain name that we don’t own so the checkout page must be secured on our domain.
Although we can’t provide an SSL certificate for a domain name we don’t own, we can let you customize the domain with your own store name. All Cart66 Cloud accounts come with a your own free, custom subdomain.
What Does It Look Like?
Quite literally, the only thing that changes is the domain name – your checkout page looks exactly like your WordPress site. This makes Cart66 cloud unique and far better than using PayPal or other traditional off-site payment platforms. Cart66 Cloud literally uses your WordPress theme to skin your checkout page. Take a look at our checkout page. We use Cart66 Cloud to sell Cart66!
Example Checkout Pages
Here are a few examples of Cart66 Cloud product pages running on WordPress and the corresponding secure checkout pages powered by the secure Cart66 Cloud server. As you can see, the secure checkout page looks identical to the rest of the WordPress site because Cart66 Cloud literally uses your WordPress them to skin the secure checkout page.
The product page
The secure checkout page
The product page
The secure checkout page