Encrypt Transmission of Data

Integrator Notes

To prevent sensitive data from being exposed on an open or public network, it must be encrypted using strong cryptography and security protocols. For the purposes of your storefront, this means using an SSL certificate on your web server.

If you use wireless networks for communication with the storefront, web server, or database server, you must encrypt the Wi-Fi transmissions (per PCI-DSS 4.1.1) with the following:

Use industry best practices such as IEEE 802.11i to implement strong encryption for authentication and transmission.
Use ONLY in conjunction with Wi-Fi Protected Access (WPA or WPA2) technology (WEP implementations are prohibited as of June 30, 2010), VPN, or SSL/TLS.
Restrict access based on media access control (MAC) address.

Per PCI-DSS 4.2, never send unencrypted credit card numbers by email or other public messaging technology such as instant messenger.

Configuration Notes

The admin section of Multifront can be set up to encrypt your data stream using HTTPS. To enable this, select “Enable Secure Socket Layer (SSL) for this store” in the Settings->Stores->Manage Store dialog. With this setting enabled, Multifront will switch to HTTPS at the appropriate times, such as when logging in.

Always install an SSL certificate on your production server. The “Enable SSL” option in Multifront is not set by default. On your first login to the Admin, click “Use Secure Login (SSL)” to switch to HTTPS before typing in your user ID and password (SSL must be properly installed on your server).

Use 128-bit SSL to encrypt connections to Multifront to minimize data exposure.

This step is required to maintain compliance with PCI-DSS.
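
One way to confirm that SSL is properly installed and that connections meet the 128-bit minimum is sketched below. It is an added example, not part of Multifront or its documentation. The host name `store.example.com` is a placeholder and the sample cipher tuples are constructed for illustration.

```python
"""Check that a host presents a valid certificate and negotiates a >=128-bit cipher."""
import socket
import ssl

MIN_SECRET_BITS = 128  # minimum strength stated in the configuration notes


def assess_cipher(cipher):
    """Return findings for the (name, protocol, secret_bits) tuple from SSLSocket.cipher()."""
    if cipher is None:
        return ["no cipher negotiated"]
    name, protocol, bits = cipher
    if bits < MIN_SECRET_BITS:
        return [f"{name} ({protocol}): {bits}-bit cipher is below the {MIN_SECRET_BITS}-bit minimum"]
    return []


def check_host(host, port=443, timeout=5.0):
    """Connect to host:port and return a list of findings (empty list means pass)."""
    context = ssl.create_default_context()  # validates the chain and the host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return assess_cipher(tls.cipher())
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate rejected: {exc.verify_message}"]
    except OSError as exc:  # includes ssl.SSLError, refused connections, and timeouts
        return [f"TLS connection failed: {exc}"]


# Constructed sample tuples, in the shape SSLSocket.cipher() returns.
SAMPLES = [
    ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
    ("AES128-SHA", "TLSv1.2", 128),
    ("DES-CBC-SHA", "TLSv1", 56),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], assess_cipher(sample) or "ok")
    # To test a live server, replace the placeholder host name:
    # print(check_host("store.example.com"))
```

A server that accepts only weaker ciphers is reported as a failed connection rather than a low bit count, because Python's default context does not offer those ciphers.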