Security Awareness

ChannelEngine facilitates efficient multichannel selling, streamlines operations and helps our partners maximize their online sales. It is essential that our business partners use the ChannelEngine application securely while it is integrated with various ecommerce platforms through the Merchant API. To achieve the security goals of confidentiality of information, availability of the platform and integrity of the data exchanged between the communicating platforms, the following measures should be taken:

ACCOUNT SECURITY

Create strong, unique passwords for accounts on the ChannelEngine application. Avoid sharing credentials and reusing passwords across applications. Furthermore, enable two-factor authentication for an extra layer of security. Our partners and merchants are further encouraged to create service accounts with elevated rights that are used for administrative operations only, not for everyday operations.

USER ACCESS AND PERMISSION

Partners and merchants are responsible for managing user access to the ChannelEngine application. This involves implementing strong authentication, enforcing password policies and maintaining user roles and permissions. The ChannelEngine application supports API keys for authentication, which should be sent in a request header. It is also essential to regularly review user access and remove access for users who no longer require it.

INTEGRATION SECURITY

Establish secure API connections with the ChannelEngine application using HTTP over SSL/TLS (HTTPS) for encrypted data transmission and authentication. Securely manage API keys and limit their permissions. Our merchants are advised to check their testing flow and compare it with ChannelEngine’s standard test flow to find out if any specific parts of the integration were missed.

DATA PROTECTION

Data should be encrypted both at rest and in transit to ensure data security and compliance with GDPR. ChannelEngine enables data protection by anonymization of customer order data in line with requirements of GDPR.

SECURE COMMUNICATION

When seeking support, sensitive information, e.g. API keys, should be shared over secure communication channels such as encrypted email or secure messaging platforms to protect it from unauthorized access.

SOFTWARE UPDATES AND PATCHES

Our merchants are advised to regularly check for patches and releases provided by ChannelEngine and other software vendors, and install them in a timely manner to mitigate vulnerabilities and weaknesses.

INCIDENT RESPONSE AND REPORTING

Our clients are encouraged to promptly report any security incidents, bugs or suspicious activities encountered while using the application. Merchants regularly seek support from the customer support team. When communicating sensitive information to the team, e.g. API keys, use secure communication channels such as encrypted email or secure messaging platforms to protect it from unauthorized access.

MONITORING AND ALERTING

Set up monitoring and alerting mechanisms within the environment to detect any suspicious or unauthorized activities. Monitor API usage, data transfers, account creation and system logs for any anomalies that might indicate a security breach.

AWARENESS AND TRAINING

Our partners are encouraged to train their employees on security best practices when using ChannelEngine. The practices include identifying phishing attempts, securely sharing credentials for support and secure authentication.
