VTEX offers different protections against possible attacks on stores. Still, there are settings and third-party products that may enhance the security of your operation. This article describes some of these resources:
- Anti-fraud solution
- Protection against transaction attacks
- reCAPTCHA v3 at Checkout
- orderForm settings
- Disabling password login
The measures in this guide do not entirely eliminate the possibility of an attack, but they may considerably reduce the likelihood of one if properly employed.
Anti-fraud solution
Anti-fraud systems specialize in analyzing ecommerce purchases to identify fraudulent transactions. They analyze customers' behavioral data and prevent suspicious purchases from being made.
Learn more about anti-fraud systems and how to use them on VTEX.
To increase security, set up your anti-fraud solution for all the payment methods available in your store.
Protection against transaction attacks
To access the documentation on this topic, insert your VTEX account name below, click the button, and log in to the Admin panel.
reCAPTCHA v3 at Checkout
reCAPTCHA is a user verification solution for orders paid by credit or debit card. It prevents the use of malware for fraudulent purposes.
We recommend using reCAPTCHA v3, which uses a quality score instead of pop-up validation and is, therefore, harder to circumvent in such scenarios.
Learn more about how to set up this verification at your store's checkout in the article reCAPTCHA at checkout. To implement reCAPTCHA v3 in a VTEX store, see the reCAPTCHA developer's guide.
reCAPTCHA verification is enabled by default when store customers go through the steps of adding credit cards, without having to be configured by the store.
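How a score-based check like the one described above is typically evaluated on the server, as an added example (not VTEX's code and not part of the original article): it applies a policy to the parsed JSON that Google's reCAPTCHA `siteverify` endpoint returns. The action name, hostname, threshold, freshness window and sample responses are constructed assumptions.

```javascript
// Added example: policy check over a parsed reCAPTCHA v3 siteverify response.
// All policy values below are assumptions chosen for illustration.
const POLICY = {
  expectedAction: "checkout",            // assumed action name sent by the page
  expectedHostname: "store.example.com", // placeholder store hostname
  minScore: 0.5,                         // assumed threshold; tune per store
  maxAgeSeconds: 120,                    // assumed freshness window
};

function evaluateRecaptchaV3(resp, policy, nowMs) {
  // 1. Google must have accepted the token at all.
  if (!resp || resp.success !== true) {
    const codes = (resp && resp["error-codes"]) || [];
    return { allow: false, reason: "verification failed: " + codes.join(",") };
  }
  // 2. The token must have been issued for this action and this site,
  //    otherwise a high score earned elsewhere could be reused here.
  if (resp.action !== policy.expectedAction)
    return { allow: false, reason: "action mismatch" };
  if (resp.hostname !== policy.expectedHostname)
    return { allow: false, reason: "hostname mismatch" };
  // 3. Reject old challenges (defence in depth against replay).
  const issued = Date.parse(resp.challenge_ts);
  if (Number.isNaN(issued) || nowMs - issued > policy.maxAgeSeconds * 1000)
    return { allow: false, reason: "stale token" };
  // 4. Only now trust the score (1.0 = likely human, 0.0 = likely bot).
  if (typeof resp.score !== "number" || resp.score < policy.minScore)
    return { allow: false, reason: "low score" };
  return { allow: true, reason: "ok" };
}

// Constructed sample responses (not real traffic).
const NOW = Date.parse("2024-01-01T12:00:30Z");
const base = { success: true, action: "checkout",
               hostname: "store.example.com",
               challenge_ts: "2024-01-01T12:00:00Z" };
const SAMPLES = {
  shopper: { ...base, score: 0.9 },
  automated: { ...base, score: 0.1 },
  wrongAction: { ...base, score: 0.9, action: "login" },
  oldToken: { ...base, score: 0.9, challenge_ts: "2024-01-01T11:50:00Z" },
  rejected: { success: false, "error-codes": ["timeout-or-duplicate"] },
};

function runSamples() {
  const out = {};
  for (const [name, resp] of Object.entries(SAMPLES))
    out[name] = evaluateRecaptchaV3(resp, POLICY, NOW).reason;
  return out;
}
console.log(runSamples());
```

The score is checked last on purpose: a score is only meaningful once the token is known to belong to the expected action and hostname.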
orderForm settings
To access the documentation on this topic, insert your VTEX account name below, click the button, and log in to the Admin panel.
Disabling password login
If your store is still being attacked even with the resources above enabled, we recommend disabling password login. This measure can be applied temporarily or permanently and aims to break the attack automation flow.
To perform this configuration:
- Go to Account settings > Authentication.
- Disable the password field.
Learn more about how to manage authentication methods for your store.