CS-Cart: On-Premise eCommerce Solutions You Can Trust
Security of the code, product, and human resources is one of our top priorities. We develop CS-Cart and CS-Cart Multi-Vendor to be compliant with industry data protection standards such as PCI DSS and GDPR.
We care about the security of the product and implement functionality that protects your store or marketplace from unauthorized access and data breaches. When you build your eCommerce website on CS-Cart, you can be sure your customers’ data and your own are safe.
PCI DSS Compliance
PCI DSS is a set of strict security standards relating to the storage, processing, or transmission of credit card data, developed by the leading payment brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The standard was created to increase controls around cardholder data and reduce credit card fraud. CS-Cart meets PCI DSS requirements.
GDPR Compliance
The General Data Protection Regulation’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR also regulates the transfer of personal data outside the EU and EEA areas. CS-Cart is GDPR-compliant out of the box.
Product Security
Code security and protection from unauthorized access and attacks: this is what CS-Cart is about. We have added special procedures and coding techniques to the development process, and security measures to the product itself, to make the platform as safe as possible.
Secure coding and regular in-house penetration testing
Our senior developers and cybersecurity specialists analyze CS-Cart’s code on a regular basis to make sure there are no flaws or coding patterns that could be insecure. Every development task goes through the code review procedure.
Support for secure data transfer channels
CS-Cart has built-in means of encrypting sensitive data. For data in transit, it fully supports secure transfer channels. At rest, sensitive data is stored encrypted in the database.
Protection from hacker attacks
CS-Cart has built-in protection from SQL injection (SQLi), cross-site scripting (XSS), and cross-site request forgery (CSRF).
Safe data storage
CS-Cart doesn’t store passwords—only password hashes. All other sensitive data is encrypted.
File system consistency check
If the core files of your CS-Cart installation are modified, you will know about it immediately.
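One way such a consistency check can work, as an added example that is not CS-Cart’s own code: record a SHA-256 digest of every core file in a baseline manifest, then rebuild the manifest later and report any file that was modified, added, or removed. The directory layout and file names below are constructed for the demonstration.

```python
"""Added example (not CS-Cart code): hash manifest of a file tree and a
comparison that reports modified, added, and removed files."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def compare_manifests(baseline, current):
    """Return sorted lists of paths whose digest changed, that are new, or that vanished."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: a tiny 'core' tree is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        with open(os.path.join(root, "app", "init.php"), "w") as f:
            f.write("<?php // original\n")
        with open(os.path.join(root, "config.php"), "w") as f:
            f.write("<?php // config\n")
        baseline = build_manifest(root)

        # Simulate tampering: edit a core file, drop in a new one, delete another.
        with open(os.path.join(root, "app", "init.php"), "a") as f:
            f.write("// injected change\n")
        with open(os.path.join(root, "app", "extra.php"), "w") as f:
            f.write("<?php\n")
        os.remove(os.path.join(root, "config.php"))
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

The baseline manifest is only as trustworthy as its storage: keep it outside the web root (or sign it) so that whoever can alter core files cannot also rewrite the manifest to match.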
Unique admin panel address
You can set a custom admin panel web address so that only you and your staff know it. That greatly reduces the risk of penetration.
Password strength and lifetime control
You can set the minimum password length and how long a password remains valid. Once the password expires, it has to be reset.
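The two storage and lifetime rules above (hashes only, never plaintext; a minimum length; a forced reset after the password expires) put together as an added example. This is not CS-Cart’s code; the policy values (12 characters, 90 days, the PBKDF2 iteration count) are assumptions chosen for the demonstration.

```python
"""Added example (not CS-Cart code): salted PBKDF2 password hashing plus
minimum-length and lifetime enforcement at login time."""
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MIN_PASSWORD_LENGTH = 12            # assumed policy value
PASSWORD_LIFETIME = timedelta(days=90)  # assumed policy value
PBKDF2_ITERATIONS = 600_000         # assumed work factor


def password_is_acceptable(password):
    """Minimum-length policy check applied before a password is set."""
    return len(password) >= MIN_PASSWORD_LENGTH


def hash_password(password, now=None):
    """Return the record to persist: random salt, digest, and the time it was set.
    The plaintext is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "digest": digest, "set_at": now or datetime.now(timezone.utc)}


def verify_password(record, candidate):
    """Recompute the digest and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])


def password_expired(record, now=None):
    now = now or datetime.now(timezone.utc)
    return now - record["set_at"] >= PASSWORD_LIFETIME


def set_at_plus(record, days):
    """Helper for simulating the passage of time in tests."""
    return record["set_at"] + timedelta(days=days)


def login(record, candidate, now=None):
    """Return 'ok', 'bad_password', or 'expired'. An expired password still has to
    match before the reset flow is offered, so the outcome leaks nothing extra."""
    if not verify_password(record, candidate):
        return "bad_password"
    if password_expired(record, now):
        return "expired"   # caller must force a reset before granting access
    return "ok"


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(login(rec, "correct horse battery staple"))
    print(login(rec, "correct horse battery staple", now=set_at_plus(rec, 91)))
```

Storing `set_at` alongside the hash is what makes the lifetime rule enforceable without any plaintext ever being kept.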
Authorization attempts control
The logging system records login attempts, so you can see whether there have been any brute-force attempts.
Session protection
Every session is assigned to its user agent. If the user agent changes during the session, the session becomes invalid.
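The session rule described above, written out as an added example (not CS-Cart’s implementation): the server records a fingerprint of the User-Agent at session creation and drops the session the moment a request arrives with a different one. Session ids and user-agent strings here are constructed.

```python
"""Added example (not CS-Cart code): server-side sessions bound to the
User-Agent seen at login; a mismatch invalidates the session."""
import hashlib
import hmac
import secrets


class SessionStore:
    def __init__(self):
        self._sessions = {}

    @staticmethod
    def _fingerprint(user_agent):
        # Hash rather than store the raw header so the store holds no client data.
        return hashlib.sha256(user_agent.encode()).hexdigest()

    def create(self, user_id, user_agent):
        """Start a session for user_id and bind it to the presenting User-Agent."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user_id, "ua_fp": self._fingerprint(user_agent)}
        return sid

    def resolve(self, sid, user_agent):
        """Return the user id if the session exists and the User-Agent still matches.
        On a mismatch the session is destroyed, not merely refused."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if not hmac.compare_digest(sess["ua_fp"], self._fingerprint(user_agent)):
            del self._sessions[sid]
            return None
        return sess["user"]

    def active_count(self):
        return len(self._sessions)


def demo():
    """Constructed walk-through: same UA succeeds, a changed UA kills the session,
    and the original UA can no longer use it either."""
    store = SessionStore()
    ua = "Mozilla/5.0 (constructed example browser)"
    sid = store.create("alice", ua)
    same_ua = store.resolve(sid, ua)
    changed_ua = store.resolve(sid, "curl/8.0 (constructed)")
    original_ua_again = store.resolve(sid, ua)
    return same_ua, changed_ua, original_ua_again, store.active_count()


if __name__ == "__main__":
    print(demo())
```

The User-Agent is sent by the client, so this binding is a defence-in-depth signal rather than a proof of identity; it belongs alongside HttpOnly and Secure cookie flags and session-id rotation after login.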
Flexible user role system
CS-Cart and CS-Cart Multi-Vendor feature a powerful user role system out of the box. If you have several departments like the sales team, support team, designers, content makers, and other employees, you can allow each team to only access the features they work with and restrict them from accessing functionality they don’t use.
Data backup, restore, and export
In CS-Cart and CS-Cart Multi-Vendor, you can back up and restore all the data, including the database. You can even set up automatic data backups via cron. Full data export is also available out of the box.
Open source code
You have full access to the source code of CS-Cart and Multi-Vendor. You can read, modify, and control it.
Built-in spam filter
CS-Cart and Multi-Vendor feature built-in Google reCAPTCHA.
Data pre-moderation
Multi-Vendor has the vendor data pre-moderation function that allows you to view, approve, or disapprove vendors and their content and products before they appear on the marketplace.
Company Security
We care about the security of our human resources and the company in general. This is as important as the security of the product itself. Our employees are well-trained in terms of security and data protection, and the tools we use every day are kept up to date.
Company security policy
We have a set of corporate security rules that every employee must strictly follow without exceptions.
Employee security training
Once a year we perform a security audit in the company and make sure all the employees follow the security policy.
Security coding training
We perform a code review procedure for every task and use code-analysis scripts. Those scripts scan the code and flag fragments that could be insecure. Based on this data, we train our programmers to code securely.
Non-disclosure agreement and security policy
Every employee signs these documents personally.
A proven procedure for closing vulnerabilities
If a vulnerability is detected, we eliminate it in 3 steps:
- Closing the vulnerability in the code
- Releasing a hotfix
- Sending the hotfix to our customers
Corporate tools are always up-to-date
Every tool that we use in our everyday routine—from the development tools to the corporate messenger—we keep up-to-date.
Network security
Our internal resources are heavily protected from penetration.
Passwords are safe
We use specialized enterprise-grade services to share and store passwords.
Two-factor authentication where possible
Our corporate accounts are protected with two-factor authentication—this is obligatory for every employee.