SSL protects data that is transmitted between a browser and your web server. It is critical that you have SSL enabled on your web server, and this should be among the first steps taken after deployment. You will need to have a certificate issued for a domain that is included in your AbleCommerce license. Usually this is the same as the store domain.
AbleCommerce does not support any production installation that does not have SSL enabled. Additionally, our application will never display credit card details, even to super users, unless SSL is enabled.
Enabling SSL on the web server is outside the scope of this guide. Once your web server is properly configured, you must enable the feature within AbleCommerce. Access the merchant administration and go to Configure -> Security -> General.
The SSL configuration form is demonstrated above. You have the option of using an alternate domain, if you r certificate is issued for something other than your regular store domain. When you submit the form it will provide you with a link to test the SSL enabled admin. You should verify the test link to ensure you do not lock yourself out of the admin website.
Once SSL is enabled, the admin site will automatically run under the https context. Secure customer areas like login and account settings will also use https so that private data is not transmitted in the clear.
AbleCommerce allows you to specify separate password policies for administrators and consumers. The DSS requirements specify the following minimums for your administrator password policies:
To configure the password policies, access the AbleCommerce merchant admin and go to Configure -> Security -> Password Policy. The figure below demonstrates how to configure the policy to meet the minimum requirements:
For DSS compliance you cannot set the policy to anything less restrictive, but for increased security you can make the policy more restrictive than the minimum. For instance you could choose to require a longer password, require non letter characters, or lower the maximum password age.
These password policies also apply to any other applications, systems, and accounts that are related to your cardholder data environment.
In order to achieve PABP compliance, AbleCommerce 7.0 h as introduced some features that you must be aware of in regards to user accounts:
Additionally, you are advised to use strong passwords for all other systems and applications, including but not limited to your database passwords and your payment gateway merchant accounts. This also applies to accounts that are not regularly used, such as the default “sa” superuser account within your SQL Server database. Default accounts that are not in use should also be disabled whenever possible.
A payment gateway allows AbleCommerce to communicate with third party payment processors to handle credit card and eCheck transactions for your store. Use of a payment gateway will help you avoid the need to store credit card numbers in your database. This is also the only way to gain the benefit of the Card Security Code (CVV2), which helps reduce fraudulent transactions.
To configure a payment gateway, access the merchant administration and go to Configure -> Payments -> Gateways. Then click the “Add Gateway” button. A screen will display all of the gateways that are currently available to be configured. You will need to have a merchant account with one of these third party providers. Click the provider you wish to configure and then enter your merchant account details.
The available payment gateways included with AbleCommerce do not require credit card details once a transaction has been successfully authorized. For enhanced security, you should consider disabling card storage all together. This can be accomplished from the merchant administration by going to Configure -> Security -> General. You can uncheck the “Enable Credit Card Storage” box to prevent AbleCommerce from ever storing a card number to your database.
The benefit to this approach is that you gain the security of never recording a customer’s card information. However you should be aware of the following:
Be sure to inspect the setting for Account Data Lifespan if you do not disable credit card storage. The recommended value is 0, which means as soon as a payment is completed the encrypted account data will be wiped from the database. AbleCommerce will not allow you to retain the card data longer than 30 days after a payment is completed.
Sensitive data (such as credit card numbers) that must be stored to the database is protected with Advanced Encryption Standard (AES) cryptography. AES is a keyed encryption – you need a secret password to encrypt and decrypt the data. AbleCommerce 7.0 introduces a new interface for managing this key so that your sensitive data cannot be read by anyone who does not know the key.
When you deploy AbleCommerce it does not have a key set. If you are storing credit card data it is important that you set the encryption key after deployment. To manage your encryption key you must be logged in as an AbleCommerce super user. Go to Configure -> Security -> Encryption Key to access the key management interface.
To set your encryption key, fill in at least 20 characters of random text. This will help initialize the generator and produce a unique random key. You should change the key at least once per year.
Whenever you change the key it is very important to create a backup. If your web server crashes, the encrypted data in your database will unrecoverable without a restorable key backup. Once a key is set, the backup form will appear to the right of the Change Encryption Key section:
Click the Get Backups button to display the download links. You must download both key backup files. They should be saved to a physically secure location, for instance recorded to CD and placed in a locked cabinet.
On this same page is a form to restore a key backup. A restore needs to be done if the application is moved to a different web server.
As distributed, AbleCommerce does not include credit account details in any of the email notifications. Email is not a secure method of transport and should not be used. Use of unencrypted email could lead to data compromise. Merchants and/or developers implementing AbleCommerce should not attempt to customize this as a feature unless an email encryption solution is also implemented.