There’s a lot of attention to keeping your store secure, but keep in mind that no internet application is ever 100% secure. There are some things you can do to improve security in your site even more. Let’s look at some various areas.
Credit Card Security – As mentioned in the Payment Settings, CFWebstore no longer allows storage of credit card data, unless using tokens (i.e. Shift4 processing). This is due to tightening of PCI Compliance regulations that make storing card data highly risky and impossible to do at a strictly software level. It requires extensive security and encryption procedures to be in place and should only be done with the assistance of a highly skilled security specialty firm. It is important to note however, that if you take credit cards on your site (versus taking them only on an external site like PayPal) you will still need to fulfill Level 4 PCI compliance which generally requires a yearly scan of your web server to check for vulnerabilities.