Security (PABP/PCI Features and Settings)
- Specify how many days to retain credit card numbers. The most secure option is not to store them at all (0), but if you don't use a real-time payment gateway you can retain the details for post-order processing. If you do store credit card data, only super users, admins and Jr. admins are allowed to view it.
- Enable or disable SSL. SSL creates an encrypted connection between the browser and the server. Compatible with all SSL certificates.
- The firewall lets you block IP addresses and IP ranges to help prevent fraud or to stop unwanted search engines from crawling your store. The orders page has a button that adds an address to this list with one click. The IP addresses of all users interacting with the store in any manner are tracked.
- Password policy for merchant administration users lets you set minimum password length, require uppercase, require lowercase, require symbols, require non-letter characters, days before a password change is required, password history in days, password history by number of passwords, maximum login failures before the account is locked, how long an account stays locked, and the number of days before an inactive account is disabled.
- Password policy for customers lets you set minimum password length, require uppercase, require lowercase, require symbols, require non-letter characters, days before a password change is required, password history in days, password history by number of passwords, maximum login failures before the account is locked, and how long an account stays locked.
- Sensitive account data is encrypted within the database using a secret key. You can generate new encryption keys, back up your existing encryption keys, and restore the encryption key from a backup.
- The security audit log records all successful login attempts, unsuccessful login attempts, audit log views, password changes, and admin user views of customer credit card numbers. This information is retained for a minimum of 3 months. Only super users may view this log.
- A CAPTCHA image on the administrator login page helps prevent brute force attacks.
- Any user account can be disabled for fraudulent activity with the option of banning the IP.
- Orders can be marked as fraud for later investigation.
- The database connection string in the web.config file is encrypted.
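The password policy settings listed above (complexity rules, reuse history by days and by count, lockout after repeated failures) map onto a small enforcement layer. The following is an added example, not the product's own code: the policy defaults are constructed values, and the SHA-256 fingerprint stands in for whatever password verifier the store actually keeps.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional
import hashlib

@dataclass
class PasswordPolicy:
    # Constructed defaults; each field mirrors one of the policy settings listed above.
    min_length: int = 8
    require_upper: bool = True
    require_lower: bool = True
    require_symbol: bool = True
    require_non_letter: bool = True
    history_days: int = 365    # no reuse of a password set within this window...
    history_count: int = 4     # ...nor of the last N passwords, whichever is broader
    max_failures: int = 6      # lock the account after this many bad logins...
    lockout_minutes: int = 30  # ...for this long

def complexity_errors(policy: PasswordPolicy, pw: str) -> List[str]:
    # Every complexity rule the candidate password breaks; an empty list means it passes.
    rules = [
        (len(pw) < policy.min_length, "too short"),
        (policy.require_upper and not any(c.isupper() for c in pw), "no uppercase"),
        (policy.require_lower and not any(c.islower() for c in pw), "no lowercase"),
        (policy.require_symbol and not any(not c.isalnum() for c in pw), "no symbol"),
        (policy.require_non_letter and all(c.isalpha() for c in pw), "no non-letter"),
    ]
    return [msg for broken, msg in rules if broken]

def fingerprint(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()  # stand-in; a real store uses a salted slow KDF

def reuse_violation(policy, pw, history, now):
    """history: (fingerprint, set_at) pairs, newest first. True if pw falls in either window."""
    cutoff = now - timedelta(days=policy.history_days)
    checked = history[:policy.history_count] + [h for h in history if h[1] >= cutoff]
    return any(fp == fingerprint(pw) for fp, _ in checked)

@dataclass
class LoginState:
    failures: int = 0
    locked_until: Optional[datetime] = None
    def is_locked(self, now: datetime) -> bool:
        return self.locked_until is not None and now < self.locked_until
    def record_failure(self, policy: PasswordPolicy, now: datetime) -> bool:
        # Count one bad login; returns True when this attempt triggers the lockout.
        self.failures += 1
        if self.failures < policy.max_failures:
            return False
        self.failures, self.locked_until = 0, now + timedelta(minutes=policy.lockout_minutes)
        return True
```

Note that the two history windows are combined with OR, so a password older than `history_days` is still rejected while it remains among the last `history_count` passwords.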