Menu
Feedback
Start here
Tutorials
Developer portal
Known Issues
Support Rules
Troubleshooting
Frequently Asked Questions
Announcements
Tutorials
Explore in-depth tutorials for operating your VTEX store.
Tutorials
Security
Platform security resources
SmartCheckout Security
SmartCheckout Security

SmartCheckout™ is a feature developed to increase your sales while maintaining the same level of security standards. This is possible because SmartCheckout™ allows the customer to make a purchase using only their email address. The only details requested from the customer are the basic shipping, billing, and communication information.

VTEX stores can benefit from:

  • Seamless and agile shopping experience.
  • Increased repurchase rate.
  • More conversions.
  • Increased security and less worries about passwords.

Is this feature safe?

To better explain how SmartCheckout™ works from a safety point of view, let's imagine two characters:

  • A customer, whose information is already stored on the platform.
  • A scammer, intending to make a purchase using another person's information.

The vulnerability assumption claims that if a scammer has a customer's email address it's enough to get hold of the customer's card and address details and, consequently, to start making purchases using the customer's information. However, this is not possible because authentication via email requires a temporary access code sent to the email address provided by the customer. Therefore, the person must have access to that email inbox.

This means that the scammer would have to authenticate via login or by using an email access code when trying to make a purchase using another person's email. Without authentication, it's not possible to access or edit the account details, such as shipping address, payment details, or email. For purchases using credit card payment, it's also necessary to insert the card security code (CVV).

Moreover, at checkout, the information is hidden using a certified payment security standard PCI-DSS. According to this standard, the last digits of a card do not need to be hidden. The displayed information allows recognizing the payment method, but it's not enough for making a purchase.

With VTEX SmartCheckout™, safety comes first. If an email address is recognized, the way the details are filled in ensures that only the email owner will recognize the information. When accessing the store from the restricted domain myvtex.com, store operators can see the unmasked data in SmartCheckout to run tests. Access from this domain is restricted to store admins with the right access level and credentials.

Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
Was this helpful?
Yes
No
Suggest Edits (GitHub)
Security certificate (SSL)
« Previous
Audit
Next »
Contributors
2
Photo of the contributor
Photo of the contributor
+ 2 contributors
On this page
Still got questions?
Ask the community
Find solutions and share ideas in the VTEX community.
Join our community
Request support from VTEX
For personalized assistance, contact our experts.
Open a support ticket
GithubDeveloper portalCommunityFeedback