Encrypt Transmission of Data

Integrator Notes

To prevent sensitive data from being exposed on an open or public network it must be encrypted using strong cryptography and security protocols. For the purposes of your storefront this means using an SSL certificate on your web server.

If you use wireless networks for communication with the storefront, web server, or database server you must encrypt the Wi-Fi transmissions (per PCI-DSS 4.1.1) with the following:

•	Use with a minimum 104-bit encryption key and 24 bit-initialization value

•	Use ONLY in conjunction with Wi-Fi protected access (WPA or WPA2) technology, VPN or SSL/TLS

•	Rotate shared WEP keys quarterly (or automatically if the technology permits)

•	Rotate shared WEP keys whenever there are changes in personnel with access to keys

•	Restrict access based on media access code (MAC) address.

•	Per PCI-DSS 4.2, never send unencrypted Credit Card numbers by email or other public messaging technology such as instant messenger.

Configuration Notes

Always install an SSL certificate on your production server. The “Enable SSL” option in Singlefront is not set by default. On your first login to the Admin click on the “Use Secure Login (SSL)” to switch to https before typing in your user ID and password (SSL must be properly installed on your server).

Once you are securely logged into the Singlefront Admin, go to the Global Settings and check “Enable SSL”. From then on, your site will switch to HTTPS at the appropriate times.

This step is required to maintain compliance with PCI-DSS.