Security of Shopify vs. Magento

As any successful eCommerce merchant knows, growing a strong brand online requires developing a relationship with your visitors that is built on integrity and trust. Customers must feel safe and secure when transacting with your brand—and confident that parting with their money will be a great decision.

Shopify can’t solve the challenges of good messaging, solid storytelling, and adequately communicating with existing and potential customers to build trust. But Shopify can ensure the platform is secure and reliable.

Security is fundamental to eCommerce—whether it’s the transmitting and storing of your personal information or your payment details. PCI Compliance is the industry’s way of verifying security standards for organisations that handle online payments. PCI Compliance goes well beyond the software or platform: it also requires that measures are in place to protect how the software is managed, deployed, and hosted—across the entire server stack.

While Magento certainly provides the ability to deploy PCI-Compliant storefronts, you as the merchant are responsible for ensuring that your site is safe and secure—or for trusting that your provider knows all they need to know to ensure this is the case. Scary.

Ensuring PCI Compliance is costly and time-consuming. Since the burden of securing the data on the server is entirely yours, it creates headaches that further distract you from growing your business.

As an open-source solution, Magento is also prone to malware—and security breaches of the software itself are a regular concern. As an example, over 10,000 Magento sites fell victim to the Guruincsite malware in 2015. Google was forced to blacklist over 8,000 storefronts in the first 90 days of the breach alone. Magento has responded by releasing security patches when threats are identified—10 of which have been released since January 2015. However, every security patch takes time and resources to deploy and test, and it is likely that you as the store owner will be paying for this—most likely through ongoing service and maintenance retainers with your provider.

Shopify Plus is the most cost-effective platform for ensuring security. With Shopify Plus, your site will be hosted—and automatically protected because Shopify is Level 1 PCI DSS compliant.

Shopify Plus also takes care of various compliance assessments and risk management, ensuring your site is secure—and helping you avoid the need to manage regular, potentially costly, security assessments.

Shopify Plus provides a free site-wide SSL certificate to all clients. Most eCommerce websites use SSL encryption technology to protect a shopper’s personal information during the checkout process, but Shopify covers the entire shopping experience—from the first page your customers visit through to the final thank you page on completion of their order.

Once your certificate is activated, all traffic will be redirected from HTTP to encrypted HTTPS to ensure no customer slips through.