Application and Data Security You Can Trust
 
BTMCommerce applications are built from the ground up to support sizeable B2B enterprises and complex, multi-level organizational hierarchies with thousands of employees and millions of website customers. BTMCommerce incorporates multiple levels of enhanced security measures, so your applications and data are protected and you maintain compliance with privacy regulations.
Application Security Features
Enjoy unparalleled control and customizable access by user as well as support for complex hierarchies. Take advantage of the latest in encryption and customize your login protocols.
 
Access Control
BTMCommerce products use Access Control Lists (ACLs) to establish rules that grant or deny access to different data types, including sensitive data. Every user in a BTMCommerce application has a role, and every role has a set of permissions that allow or restrict actions on entities and system capabilities. Limit data access and control permissions at a level as granular as the individual user. Control what actions a user is permitted, whether it is just to view the latest sales report or to entirely modify a customer’s order or authorize a payment. Restrict sales to work with leads and opportunities, while marketing has access to manage marketing lists and campaigns, and administrators access all systems globally. Maintain complete control over access to data and records directly from the UI without the need for developer assistance.
 
Layered Configuration
Unlike B2C sellers, B2B structures and processes are generally quite complex. A single enterprise may offer both goods and services through multiple sub-organizations, with each having dedicated websites for different regions or countries. BTMCommerce applications were built to tame the complexity of B2B enterprises.
Set up and configure any BTMCommerce application from the application configuration UI to specifically conform to your needs. Apply configuration at global, organization, website, and user levels.
Use Global settings to affect the entire application. Tailor Organization settings to configure options specifically for each organization and configure each website to conform to the features needed at each level of the enterprise. The user-level configuration provides employees the ability to adapt certain application settings to their personal preferences.
Global enterprises with multiple websites in various countries can set up the appropriate currencies and languages for each site. They can then add different local warehouses, manage inventory options, control the products displayed and even how they are arranged on each website.
 
Encryption
To prevent security breaches, BTMCommerce encrypts original data to keep it secure. We constantly review new technologies to support the latest and most robust encryption solutions.
- Database column encryption allows us to choose what pieces of data to encrypt instead of encrypting the entire database file.
- User passwords are stored as irreversible hashes, not as plain or encrypted text.
- HTTPS forced redirect ensures the security of the link between the browser and the webserver.
- Safe architecture of the online payment process and out-of-the-box integrations with payment gateways keep transactions secure.
 
Password and Session
BTMCommerce products incorporate the best password practices to help prevent unsafe passwords and motivate users to create strong credentials. Admins can customize password and login restrictions for application users to:
- Configure the desired password length and complexity
- Enforce password change policy and password history
- Limit the number of login attempts
- Lock accounts after several failed logins to prevent brute force attacks.
In addition, we support multi-factor authentication to strengthen application security with an additional authentication factor.
 
OAuth, LDAP, and Google SSO
BTMCommerce applications also support identity providers (IdPs) that store and manage digital identities to let company users connect to the application securely, which is particularly important for efficiency and performance in large-scale companies. BTMCommerce applications support IdP services such as LDAP, Google SSO, and OAuth 2.0 credentials authorization.
 
Audit logs
BTMCommerce products support data audit functionality to track changes made to records in BTMCommerce applications.
View and track directly from the UI:
- Who changed a record
- When the change occurred
- What changed
Easily create data audit reports and track all login attempts to simplify security-related investigations.
 
Application Security Processes
Data security is critical for any eCommerce company. B2B eCommerce applications frequently store customer personal data and credit card numbers, and support online payments. BTMCommerce adheres to the latest security processes to prevent potential security threats, and constantly refines and improves its safeguards, procedures, and policies to protect your customer data.
 
Secure Development
BTMCommerce utilizes standardized security best practices to maintain a secure development lifecycle. During development, BTMCommerce:
- Employs OWASP’s Top 10 list and best practices to produce the most secure code and shield from emerging security threats.
- Utilizes regular penetration testing to simulate potential attacks to ensure that cyber controls remain effective.
- Scans code for vulnerabilities and performs automated penetration tests as part of the CI pipeline.
 
Compliance
Information security should always be a leading factor in selecting a software vendor. BTMCommerce applications comply with the highest standards for security and help you meet local data privacy regulations.
Independently Verified Secure
BTMCommerce submitted to an independent evaluation of internal controls policies and achieved SOC2 Type 2 compliance in security and availability in 2021. This certification confirms process application security and maturity, confirms our system is protected against unauthorized access, and is available and used for operation as committed.
PCI DSS Compliant
BTMCommerce is PCI DSS compliant and is reassessed every year. This means that every resource we use, including our servers, network, software, and configuration, complies with PCI DSS requirements. We securely handle all customer payment information and perform regular penetration tests and independent PCI DSS-approved vulnerability scans.
Want to Learn More About How BTMCommerce Connects to Your Business Ecosystem? Check out these free resources.
BTMCommerce believes that high levels of security should be by design and the default for every software product. Read more about BTMCommerce standards and practices as a data processor to support compliance with GDPR.
Are you familiar with Service Organization Controls (SOC 2)? BTMCommerce fulfills all Security and Availability requirements of the Trust Service Criteria. Learn more about this third-party assessment of an organization’s controls for security, confidentiality, and availability.
If your eCommerce business takes credit cards as a form of payment, you must comply with PCI DSS standards for data security. Whether you deploy in the BTMCommerceCloud or on-premise, you must know your responsibilities. Read this informative article to better understand your responsibilities and how BTMCommerce helps you stay in compliance.
 
                     
  
 