eComchain offers enhanced security features
eComchain is a cloud-based eCommerce platform hosted on AWS, with an additional layer of security provided by Alert Logic's 24/7 managed detection of intrusions and cyber attacks. eComchain is fully committed to protecting client data and ensuring that all electronically transmitted data follows the applicable security compliance guidelines.
As part of enhancing the compliance framework on the platform, eComchain holds a PCI-DSS compliance attestation from Alert Logic that focuses on the following control objectives:
- Build and maintain a secure network
- Protect Cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Trusted accessibility and secure authentication are the two main areas where eComchain's compliance features have been refined. Some of the important security features that eComchain has deployed, or will be deploying in the next few weeks, and that you as customers will encounter when using the platform, are as follows:
- If a session has been idle for more than 15 minutes, users will be required to re-authenticate (for example, re-enter the password) to re-activate the terminal or session
- Strong cryptography is used to render all authentication credentials (such as passwords/passphrases) unreadable during transmission and storage on all system components
- User identity will be verified before any authentication credential is modified (for example, performing password resets, provisioning new tokens or generating new keys)
- User password parameters will require passwords/passphrases that meet the following:
  - A minimum length of at least 7 characters
  - Contain both numeric and alphabetic characters
  - Alternatively, passwords/passphrases must have complexity and strength at least equivalent to the parameters specified above
- Passwords will need to be changed at least once every 90 days
- When resetting the password after 90 days, the user will need to submit a new password/passphrase that is different from any of the last four passwords/passphrases he or she has used
- Users will be provided with guidance on selecting strong authentication credentials and on protecting those credentials
- Users will be instructed not to reuse previously used passwords
- Users will be instructed to change their password if there is any suspicion that it could be compromised
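The credential rules in the list above (hashed storage, minimum length, mixed alphabetic and numeric characters, 90-day expiry, no reuse of the last four passwords) are shown below as an added worked example. This is not eComchain's code and nothing is known about how the platform implements these rules; the example assumes PBKDF2-HMAC-SHA256 with a per-user random salt for storage, and treats "the last four passwords used" as the current password plus the three before it. The function names, the iteration count and the policy constants are this example's own choices.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Policy parameters from the bullet list above.
MIN_LENGTH = 7
MAX_AGE = timedelta(days=90)
HISTORY_DEPTH = 4  # a new password may not equal any of the last four used

# Assumption for this example: PBKDF2 iteration count. Kept low so the demo
# runs quickly; production deployments should use a much higher count.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is generated unless one is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Credential:
    salt: bytes
    digest: bytes
    set_at: datetime  # when this password was set; drives the 90-day rule


@dataclass
class UserRecord:
    current: Credential
    history: List[Credential] = field(default_factory=list)  # previous passwords, newest first


def new_user(password: str, now: datetime) -> UserRecord:
    """Create a record whose only stored form of the password is salt + PBKDF2 digest."""
    salt, digest = hash_password(password)
    return UserRecord(current=Credential(salt, digest, now))


def check_complexity(password: str) -> List[str]:
    """Return the list of complexity rules the candidate password violates."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric character")
    return problems


def is_expired(user: UserRecord, now: datetime) -> bool:
    """True once the current password is MAX_AGE old or older."""
    return now - user.current.set_at >= MAX_AGE


def authenticate(user: UserRecord, password: str, now: datetime) -> str:
    """Return 'denied', 'change-required' (correct but expired) or 'ok'."""
    if not verify_password(password, user.current.salt, user.current.digest):
        return "denied"
    if is_expired(user, now):
        return "change-required"
    return "ok"


def change_password(user: UserRecord, new_password: str, now: datetime) -> List[str]:
    """Validate and apply a password change. Returns policy violations; empty list means applied."""
    problems = check_complexity(new_password)
    # Reuse check: the stored digests are one-way, so the candidate is hashed with
    # each old salt and compared, rather than comparing plaintexts.
    recent = [user.current] + user.history[: HISTORY_DEPTH - 1]
    if any(verify_password(new_password, c.salt, c.digest) for c in recent):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    if problems:
        return problems
    user.history.insert(0, user.current)
    del user.history[HISTORY_DEPTH - 1 :]  # keep only what the reuse rule needs
    salt, digest = hash_password(new_password)
    user.current = Credential(salt, digest, now)
    return []


if __name__ == "__main__":
    # Constructed demo input, not real customer data.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    user = new_user("Winter2024a", t0)
    print(authenticate(user, "Winter2024a", t0))                       # ok
    print(authenticate(user, "Winter2024a", t0 + timedelta(days=90)))  # change-required
    print(change_password(user, "Winter2024a", t0 + timedelta(days=90)))  # reuse rejected
    print(change_password(user, "Spring2024b", t0 + timedelta(days=90)))  # [] (accepted)
```

Two points the example makes that the list does not spell out: the history check must hash the candidate with each stored salt, because the old passwords are never kept in a recoverable form, and the expiry check happens at login so that a correct but stale password forces a change instead of granting a session.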
When eComchain super-admins update customer passwords (either by editing the Customer/User info or through bulk uploads), they will need to go through an added level of re-authentication. This ensures storefront users' passwords are well secured and protected against unauthorized access.
Another feature is the password strength recommendation and an active strength checker, so that users can set strong passwords themselves. Once a user is logged in, a session timeout for idle/inactive users (after 15 minutes of inactivity) protects data confidentiality.
During the first quarter of this year, eComchain partnered with A-Lign to complete a SOC 2 Type 2 readiness assessment in preparation for the SOC 2 examination, tightening the design of eComchain's control environment with a specific focus on the 'Security' category. Based on the feedback received from this external audit firm, eComchain has implemented effective and time-efficient controls to mitigate the potential control gaps.
The areas of eComchain's security controls on which the service auditors performed their independent fieldwork to attest SOC 2 readiness were:
- Control Environment
- Communication and Information
- Risk Assessment
- Monitoring Activities
- Control Activities
- Logical and Physical access controls
- System Operations
- Change Management
- Risk Mitigation