Account Security in Commerce7

At Commerce7, we take account security very seriously. For this reason, we have implemented a few security measures to prevent your staff and your customer accounts from being compromised.

Click here for more information on setting up staff accounts or here for more information on setting up accounts for designers, developers or data partners.

Account security measures with Commerce7

1. Only Admin Owners on a Commerce7 account can add or remove accounts for staff or partners.
2. Whenever a new account is created, all Admin Owners on the Commerce7 account will receive a notification emails.
3. Commerce7 staff cannot add or remove accounts on behalf of clients and partners that have access to your Commerce7 instance (ie. developers or designers) can only add staff from their own company.
4. Admin Users will be automatically logged out after 4hrs of inactivity.
5. Customers will be automatically logged out after 4hrs of inactivity.
6. When an Admin User logs out, they will be automatically logged out of every device they are logged in on (this is so if you accidentally forget to logout somewhere, you can logout on a device for a global logout).
7. When a customer logs out, they will be automatically logged out of every device they are logged in on.
8. After 5 bad login attempts, Admin Users will automatically be blocked for 30 minutes. (There is no visual indicator or way to know that an admin user has been blocked. This is to prevent hacking attempts).
9. After 5 bad login attempts, customers will automatically be blocked for 30 minutes. To see if a customer has been blocked, search for the customer under CRM > Customer > Search the customer and review their customer detail record.