Don't blindly trust us.

Inspect our security measures and decide for yourself.

Your worst nightmare: the 2am phone call from your IT person saying, "Um, I think someone broke into the site." Followed by days of pure panic, down time, lost sales, papers to file; longer term repercussions like customer loss of faith, lawsuits, ending in financial damages owed to Visa and other major card issuers. FoxyCart gives you peace of mind: your customer's credit cards are safe, and your liability is largely outsourced.

To paraphrase a popular movie, "Security is hard. Anyone saying otherwise is selling something." There are Payment Card Industry (PCI) regulations, security monitoring, information security standards bureaus, and more. Without exaggeration hundreds of pieces that must come together just so to create a safe haven for data.

While you could spend a lifetime navigating the waters of internet and payment security in all it's amazing details you'd rather focus on what matters to you: earning more from your business and keeping your clients happy! FoxyCart does the heavy lifting for you. Our team of IT professionals vigilantly protects your data through multi-layered defenses, 24/7 monitoring, government-standard encryption, and constant attention to breaking security alerts.

Take the tour below of some of our security measures and see for yourself how FoxyCart protects you and your customers.

PCI DSS Compliance

Arguably the most important buzzword for ecommerce security is PCI DSS, the Payment Card Industry's Data Security Standard. FoxyCart is currently a Visa CISP registered Level 1 Service Provider. Please click here to learn more about FoxyCart's PCI DSS complaince.

PCI compliance, however, is just one of many ways that we work towards the most secure systems possible. Read on for additional information about our security.

Security Testing

Remember how we said not to blindly trust us? We follow our own advice and demand evidence that our security works. We test every step of the way and every change we make, which is why FoxyCart employs both automated testing and white-hat security experts. We ensure that our defenses protect what we want to protect: your data.

Are our systems are "impenetrable?" It's impossible to give an absolute answer to that question: only a system sitting in a locked room disconnected from the Internet could be completely impenetrable, and even then, there's no guarantee. Just check the news for any major government's recent security breaches from foreign hackers. (Seriously, hit that link and read it when you have time. It's amazing.)

What can we say, then? We are confident of your data's safety. Not just because we want you to use FoxyCart (we do!), but because the research and work done by our team and by experts in the field has proven the security of our system.

Did someone say, "security is easy?" Maybe it's time to take another look.

Additional Security Measures

In addition to our other precautions, we employ a variety of measures to ensure your (and your customers') data is secure at all times. This includes dual-factor authentication on all critical systems (including systems that aren't under PCI DSS scope), email encryption, private VPNs, and more.

SSL Certificates

SSL Partner

SSL is almost a given, but the short answer to your SSL-related FoxyCart questions is, "Yes, FoxyCart uses SSL encyption pretty much everywhere." We use a variety of SSL certificates from different providers, but we primarily use Digicert for * domains as well as for all custom subdomain certificates (though you may provide your own certificates in certain situations).

Responsible Disclosure

Our highest priority is keeping FoxyCart safe for our users and their customers. If you’ve discovered a security vulnerability in FoxyCart, we appreciate your help in disclosing it to us in a responsible manner.

Special Thanks

We appreciate the security professionals who have responsibly disclosed potential issues to us. Please visit our "Hall of Fame" for a list.

Examples of Security in the wild