
Security Awareness

OVERVIEW

ChannelEngine facilitates multichannel selling, streamlines operations and helps our partners maximize their online sales. It is essential for our business partners to use the ChannelEngine application securely while it is integrated with various E-Commerce platforms through the merchant API. To achieve the security goals of confidentiality of information and integrity of data communicated between platforms, the following measures should be implemented:

ACCOUNT SECURITY

Merchants and partners are required to create and enforce strong, unique passwords for accounts on their tenants. Avoid sharing credentials and reusing passwords across the tenant. Furthermore, enable two-factor authentication or single sign-on for an extra layer of security. Our partners and merchants are also encouraged to create service accounts with elevated rights to perform administrative operations, but not everyday operations.

USER ACCESS AND PERMISSION

Partners and merchants are responsible for managing user access to their ChannelEngine tenant. The management measures include but are not limited to implementing strong authentication, enforcing password policies and managing user roles and permissions. It is also essential to regularly review user access rights and edit access rights for users whenever necessary.

SECURE INTEGRATION

Establish secure API connections with the ChannelEngine application using HTTP over SSL/TLS (HTTPS) for encrypted data transmission and authentication. Limit the permissions of API keys and avoid the use of deprecated protocols. Merchants should also compare their testing flow with ChannelEngine’s standard test flow to find out whether any specific parts of the integration were missed.

DATA PROTECTION

Data should be encrypted both at rest and in transit to ensure data security and compliance with GDPR. ChannelEngine enables data protection by anonymizing customer orders in line with the requirements of GDPR.

SECURE COMMUNICATION

Support should be sought using secure channels, for instance by raising support tickets using the online support form. Sensitive information, e.g. API keys, should be shared using secure communication channels, such as encrypted email or secure messaging platforms, to protect the information from unauthorized access.

SOFTWARE UPDATES AND PATCHES

Our merchants are advised to regularly check for patches and releases provided by ChannelEngine and other software vendors, and install them in a timely manner to mitigate vulnerabilities and weaknesses.

UPDATES AND PATCHES

Merchants should regularly check for patches and releases provided by ChannelEngine and other vendors, and install them in a timely manner to mitigate risks caused by known vulnerabilities.

REPORTING AND INCIDENT RESPONSE

Our clients and partners are encouraged to promptly report any security incidents, bugs or suspicious activities while using the ChannelEngine application. 

MONITORING AND ALERTING

Our customers and partners are encouraged to set up monitoring and alerting mechanisms within their environments to detect any suspicious or unauthorised activities. Monitoring should cover API usage, data transfers, account creation and system logs, looking for anomalies that may indicate security breaches.

AWARENESS AND TRAINING

Our customers are encouraged to train their employees on security best practices when using the ChannelEngine application and other applications. The practices include identification of phishing attempts (e.g. unsolicited requests for demo accounts), secure sharing of credentials and secure authentication practices. 
