d
Topic
Posts:
1
April 22, 2014

How secure is Shopify This post is outdated

Hello,

I'm looking into getting business insurance and was having a think about cyber insurance. Two things I'd like to understand:

- are Shopify websites protected from inbound attacks - DDOS, Trojans etc?

- how are my online customers protected in the event of my Shopify website being compromised?

Any help or advice on how secure Shopify is would be greatly appreciated!

Thanks in advance.

i
Replies
Massaad Shopify Employee www.alexthegreat.ca
Posts:
349
Last edited May 12, 2014

Hello Louise, 

Online security is our business, this is 100 percent of the reason we created Shopify. Our focus is on continually strengthening the trust of our ecosystem so our merchants feel safe having Shopify as the home base for their brand. 

Shopify (as any site on the Internet) can be targeted by inbound attacks such as DDOS and we are geared towards extremely high levels of protection. The slowdown is not typically ever noticed as we bring many resources online ahead of this type of noticeable effect. 

Your customer's financial information is never stored by Shopify so your store is not a target of fraudsters  . . . compared to another target your Shopify store would be very boring. For example our payment gateway communication is very carefully created to ensure that the financial data cannot be targeted by fraudsters. 

What I can't share is the specific technical details ( although as a computer geek and fellow Shopify store owner it is very impressive, responsible and very safe)

In short to answer your questions: 

- are Shopify websites protected from inbound attacks - DDOS, Trojans etc? 

Yes, we are heavily protected above industry standard. We are fully PCI compliant (Shopify is certified Level 1 PCI DSS compliant). http://www.shopify.ca/pci-compliant ;

- how are my online customers protected in the event of my Shopify website being compromised?

By design there is not customer financial data in our systems. Your store is protected with a unique password and login. This means in the rare event that you inadvertently shared your login information with a third party no customer account information exists. 

If you believe that you may become careless with your login information it may be valuable to have cyber insurance, however Shopify as a platform is rock solid so the insurance company will not likely ever see that sort of claim.

Alex Massaad support@shopify.com