How does Magento Commerce handle the payment gateway?
Magento Commerce requires payment gateway integrations where credit card data is passed directly from the consumer’s browser to the payment gateway. Card data is never available on the production environment. Actions on the transactions by the e-commerce application are completed using a reference to the transaction from the gateway.
How does Magento Commerce handle privacy issues?
Adobe is Privacy Shield self-certified, which is a European Commission-approved mechanism that enables the transfer of personal data from the European Union and Switzerland to the United States.
What happens with sensitive data in Magento Commerce?
Using our service, you may use or store either personally-identifiable information (PII) on consumers or confidential data from your customers. Protection of customer and consumer data is one of our critical obligations.
How will my store data be protected?
Amazon Elastic Block Store (EBS) is used for storage. All EBS volumes are encrypted using the AES-265 algorithm. This means that the data will be encrypted at rest. The system also encrypts data in transit between the CDN and the origin, and between the origin servers. Customer passwords are stored as hashes. Sensitive credentials including those for the payment gateway are encrypted using the SHA-256 algorithm. The Magento application does not support column or row level encryption or encryption when the data is not at rest, or not in transit between servers.