Security Features Across the E-Commerce Platform

Our platform is designed with security as a core priority, ensuring both sellers and buyers can engage with confidence. Below is an overview of the key security functionalities available across the platform, covering both seller (CMS) and buyer (shopfront) user types.

1. Seller Access & CMS Security

Sellers access the platform via the Content Management System (CMS). To safeguard seller accounts and sensitive shopfront configuration data, the following measures are enforced:

  • Mandatory Two-Factor Authentication (2FA):
    All CMS users must authenticate using both:

    1. A password (email + password)

    2. A Time-Based One-Time Password (TOTP), generated through an authenticator app installed on a mobile device.
      See: CMS User Login with Two-factor Authentication

  • Password Requirements:
    Seller accounts are subject to strict password policies:

    • Minimum length: 8 characters

    • At least one uppercase character (A–Z)

    • At least one lowercase character (a–z)

    • At least one non-alphanumeric character (e.g., !, @, #)

These measures ensure strong authentication and protection against unauthorized access.

2. Buyer Authentication Options

Buyers accessing shopfronts have multiple secure login options available. Currently, all buyer-facing methods operate under single-factor authentication.

This flexibility allows buyers to select an authentication method that balances convenience with their personal security preferences.

3. Seller-Controlled Buyer Security Policies

Sellers can tailor their buyers’ security requirements within the CMS, helping align security with their brand’s policies and risk tolerance. Configuration options include:

  • Password Policies:
    Sellers can set specific rules such as:

    • Password expiration (in days)

    • Minimum password length

    • Minimum uppercase/lowercase requirements

    • Numeric character requirements

    • Restrictions on password reuse frequency
      See: User Password Rules

  • Session Management:
    Sellers can actively manage buyer sessions for added security:

    • Login Retry Limits: Define how many retries buyers have before their accounts are locked, and how long they remain locked.
      See: Login Limits & Lockouts

    • Force Logout: Sellers may lock a buyer, immediately ending all active sessions and requiring re-login.

    • Password Reset Impact: When a buyer resets their password, all other active sessions are automatically ended.
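
The session rules above, modelled in memory as an added example (not the platform's own code). The class name `BuyerSessions`, the default limits, and the reading of the retry limit as a count of consecutive failed logins are assumptions made for illustration.

```python
import secrets
import time

class BuyerSessions:
    """Hypothetical in-memory model of the retry-limit, lock and reset rules."""

    def __init__(self, max_retries=3, lock_seconds=900, clock=time.monotonic):
        self.max_retries = max_retries   # assumed: failed logins allowed before lockout
        self.lock_seconds = lock_seconds # assumed: duration of a retry lockout
        self.clock = clock               # injectable so lock expiry can be tested
        self.failures = {}               # buyer -> consecutive failed logins
        self.locked_until = {}           # buyer -> unlock time (inf = seller lock)
        self.sessions = {}               # session token -> buyer

    def is_locked(self, buyer):
        return self.clock() < self.locked_until.get(buyer, 0.0)

    def end_sessions(self, buyer, keep=None):
        """Drop every session of `buyer` except the optional `keep` token."""
        dead = [t for t, b in self.sessions.items() if b == buyer and t != keep]
        for token in dead:
            del self.sessions[token]
        return len(dead)

    def login(self, buyer, password_ok):
        """Return a new session token, or None if locked or the password failed."""
        if self.is_locked(buyer):
            return None                  # a correct password does not bypass a lock
        if not password_ok:
            self.failures[buyer] = self.failures.get(buyer, 0) + 1
            if self.failures[buyer] >= self.max_retries:
                self.lock(buyer, self.lock_seconds)
            return None
        self.failures[buyer] = 0
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self.sessions[token] = buyer
        return token

    def lock(self, buyer, seconds=float("inf")):
        """Retry lockout or seller lock: block logins and end all active sessions."""
        self.locked_until[buyer] = self.clock() + seconds
        self.failures[buyer] = 0
        self.end_sessions(buyer)

    def password_reset(self, buyer, current_token):
        """End all of the buyer's sessions except the one performing the reset."""
        return self.end_sessions(buyer, keep=current_token)
```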

4. Session Security & Version Control

  • Automatic Session Ending:
    Available as of version 4.42.27: critical actions (e.g., password reset, account lockout) end active sessions, preventing continued unauthorized access.

  • Software Updates:
    We strongly recommend that sellers and buyers always use the latest version of the platform. Updates include ongoing security improvements to mitigate risks as new threats emerge.

5. Additional Security Layers

  • reCAPTCHA Protection:
    reCAPTCHA is used in targeted scenarios—particularly where sensitive actions such as payments are involved—to mitigate automated attacks and bot-based fraud.

6. Summary of Security Coverage

  • For Sellers (CMS):

    • Enforced 2FA with password + TOTP

    • Strong password policies

    • Session control and forced re-authentication

  • For Buyers (Shopfront):

    • Multiple secure login methods (Microsoft, Google, Facebook, Magic Link, email + password)

    • Seller-defined password and session rules

    • Automated logout after resets or lockouts

  • Platform-Wide:

    • Latest version includes session-ending functionality (v4.42.27+)

    • reCAPTCHA protections for high-risk transactions

Final Note for Sellers

Security is a shared responsibility. While our platform provides robust authentication and session management tools, we recommend sellers:

  • Regularly review their configured password and session policies

  • Encourage buyers to use strong, unique passwords

  • Stay up to date with platform releases for ongoing security enhancements
