Security Glossary
Learn the essential security terms every Shopify store owner should know. 48 terms covering email security, clone detection, blocking, and more.
Email Security (10 terms)
Business Email Compromise (BEC)
A sophisticated scam where attackers impersonate executives or business partners to trick employees into transferring money or sensitive data.
DKIM
DomainKeys Identified Mail - an email authentication method in which your sending server signs selected headers and the message body with a private key. Receivers check the DKIM-Signature header against the public key you publish in DNS, so a message altered in transit fails verification.
DMARC
Domain-based Message Authentication, Reporting & Conformance - a policy layer on top of SPF and DKIM, published as a DNS TXT record, that tells receiving servers what to do with mail claiming to be from your domain that fails authentication (none, quarantine, or reject) and where to send reports. This is what actually stops spoofing of your domain; SPF or DKIM alone only lets receivers detect it.
DNS Record
Entries in the Domain Name System that map names to IP addresses (A/AAAA records), name your mail servers (MX records), and hold text values (TXT records) such as your SPF, DKIM, and DMARC policies.
Email Blacklist
Also called a blocklist or DNSBL. A list of IP addresses or domains identified as sources of spam; receivers that consult the list block or filter mail from those sources.
Email Bounce Rate
The percentage of emails that couldn't be delivered and were returned to the sender.
Email Deliverability
The ability of your emails to reach recipients' inboxes rather than being filtered to spam or blocked entirely.
Email Spoofing
A technique where attackers forge email headers, most often the From address, to make messages appear to come from your domain or a trusted sender.
Sender Reputation
A score assigned to your email sending domain and IP that determines whether your emails reach inboxes or spam.
SPF
Sender Policy Framework - an email authentication method, published as a DNS TXT record, that lists which servers and IP ranges are allowed to send email on behalf of your domain; receivers check the connecting server's IP against that list.
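How SPF and DMARC fit together, as an added example that is not SecurEcommerce code: the first function evaluates a sending IP against an SPF record (only the ip4, ip6 and all mechanisms, since include, a and mx need live DNS), and the second derives the DMARC disposition from the SPF and DKIM results plus the alignment modes in the record. The records, domains and IP addresses are constructed for the example.

```python
import ipaddress

# Constructed records, in the form they would be published as DNS TXT entries.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """SPF result for sender_ip under a record limited to ip4/ip6/all mechanisms.
    include/a/mx need live DNS lookups and are deliberately left out here."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # an unprefixed mechanism means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        # ip_network.__contains__ is False for a mismatched IP version, so an
        # IPv4 sender never matches an ip6: mechanism and vice versa.
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched and no "all" term


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real checks use the Public Suffix List
    # so that names like shop.co.uk are handled correctly.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, header_from: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts the
    same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)


def dmarc_disposition(record, header_from, spf_result, spf_domain, dkim_result, dkim_domain):
    """'pass' if SPF or DKIM passed *and* is aligned with the From: domain;
    otherwise the published policy (p=, or sp= for a subdomain)."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return "none"
    spf_ok = spf_result == "pass" and aligned(spf_domain, header_from, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, header_from, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    is_subdomain = header_from.lower() != org_domain(header_from)
    if is_subdomain and "sp" in tags:
        return tags["sp"]
    return tags.get("p", "none")
```

The alignment step is the part most stores get wrong: a third-party mailer that passes SPF for its own domain does nothing for DMARC unless the From: domain is yours and the SPF or DKIM domain aligns with it.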
Clone Detection (11 terms)
Brand Impersonation
When scammers pose as your brand through fake websites, social media accounts, or emails to deceive customers.
Canary Token
A hidden tracking element embedded in your website that alerts you when your content is copied to another domain.
Clone Site
A fraudulent website that copies your store's design, products, and branding to deceive customers.
Counterfeit Products
Fake products made to imitate legitimate branded goods, often sold through clone sites impersonating real stores.
Domain Registrar
A company authorized to manage the reservation and registration of internet domain names on behalf of customers.
Domain Squatting
Registering domain names that include brand names or trademarks with the intent to profit from the brand's reputation.
Homograph Attack
Using characters from different alphabets that look identical (for example Cyrillic 'а' in place of Latin 'a') to create deceptive domain names. Internationalized domains are transmitted as punycode (labels starting with xn--), so the substitution is often only visible after decoding.
Lookalike Domain
A domain name deliberately designed to visually mimic a legitimate domain, used to deceive users into visiting fraudulent websites.
Typosquatting
Registering domain names that are common misspellings or variations of legitimate domains to capture misdirected traffic.
Web Scraping
Automated extraction of content from websites, often used to steal product data, images, and pricing for clone sites.
WHOIS
A protocol for querying databases that store domain registration information, revealing who registered a domain and when. Registrant contact details are now frequently redacted for privacy, and RDAP is the newer protocol gradually replacing WHOIS.
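The Homograph Attack, Lookalike Domain and Typosquatting entries above describe three ways a domain can imitate yours. The following classifier, added here as an example and not part of SecurEcommerce, decodes punycode, folds a small illustrative subset of Unicode confusables onto their ASCII lookalikes, and then checks edit distance and brand-name embedding. The brand domain shopify.com, the confusables map and the candidate domains are assumptions for the example.

```python
import unicodedata

BRAND = "shopify.com"     # the legitimate domain being protected (assumption)

# Illustrative subset of Unicode confusables (Cyrillic -> Latin). The full table
# is Unicode's confusables.txt; this small map only covers the example cases.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u04bb": "h",
}


def to_unicode(domain: str) -> str:
    """Decode punycode labels (xn--...) so homographs can be inspected."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain            # already Unicode (or not a valid IDNA string)


def skeleton(domain: str) -> str:
    """Fold visually confusable characters onto their ASCII lookalikes.
    NFKC handles compatibility forms (fullwidth letters); the map handles
    cross-script lookalikes that NFKC leaves alone."""
    text = unicodedata.normalize("NFKC", to_unicode(domain)).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, brand: str = BRAND) -> str:
    """Label a domain as legitimate, homograph, typosquat, lookalike or unrelated."""
    decoded = to_unicode(candidate).lower()
    if decoded == brand:
        return "legitimate"
    skel = skeleton(candidate)
    if skel == brand:
        return "homograph"     # identical once confusables are folded away
    if levenshtein(skel, brand) <= 2:
        return "typosquat"     # one or two edits away (sh0pify.com, shopify.co)
    if brand.split(".")[0] in skel:
        return "lookalike"     # brand name embedded (shopify-login.com)
    return "unrelated"
```

In practice the candidate list comes from newly registered domain feeds or certificate transparency logs, and the edit-distance threshold is tuned per brand: a threshold of 2 is fine for a seven-letter name but produces false positives for very short ones.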
Access Control (10 terms)
ASN (Autonomous System Number)
A unique number assigned to a network operator (an ISP, hosting provider, or large enterprise) that identifies the set of IP address ranges it announces, used to tell which organization is behind a visitor's traffic.
CIDR Notation
A compact method for specifying IP address ranges (for example 203.0.113.0/24 covers 203.0.113.0 through 203.0.113.255), used in IP blocking to cover many addresses with one rule.
Datacenter IP
IP addresses belonging to hosting providers and datacenters, often associated with bots rather than real customers.
Exit Node
The final relay in a Tor circuit, or the VPN server, that connects to the destination website; your store sees the exit node's IP address, not the user's.
Geoblocking
Restricting access to your website based on the visitor's geographic location.
IP Blocking
Preventing specific IP addresses or ranges from accessing your website.
Proxy Server
An intermediary server that forwards requests on behalf of users, masking their real IP address.
Rate Limiting
Restricting how many requests a visitor can make to your website within a time period to prevent abuse.
TOR
The Onion Router - an anonymity network that routes traffic through multiple relays, providing strong anonymity but often associated with fraud.
VPN
Virtual Private Network - a service that encrypts internet traffic and masks IP addresses, sometimes used to hide fraudulent activity.
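The IP Blocking, CIDR Notation, Geoblocking and Rate Limiting entries above are usually enforced together in one request filter. The following is an added example, not SecurEcommerce code, that runs such a filter over a few constructed access-log lines: a CIDR blocklist (documentation prefixes standing in for datacenter ranges), a geoblock list with the placeholder country code XX, and a sliding-window rate limiter of five requests per minute per client IP. The log format and thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed policy. Documentation prefixes stand in for datacenter ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:bad::/48")]
BLOCKED_COUNTRIES = {"XX"}      # placeholder country code for the geoblock list
RATE_LIMIT, WINDOW = 5, 60.0    # at most 5 requests per client per 60 seconds

# Constructed access log: "unix_time client_ip country path".
SAMPLE_LOG = """\
1700000000 198.51.100.7 US /products/shirt
1700000001 203.0.113.9 US /products/shirt
1700000002 192.0.2.4 XX /cart
1700000003 2001:db8:bad::1 DE /checkout
1700000004 198.51.100.7 US /cart
1700000005 198.51.100.7 US /cart
1700000006 198.51.100.7 US /cart
1700000007 198.51.100.7 US /cart
1700000008 198.51.100.7 US /cart
1700000070 198.51.100.7 US /checkout
"""


def is_blocked_ip(ip: str) -> bool:
    """True if ip falls inside any blocked CIDR range (IPv4 and IPv6 both handled;
    an address never matches a network of the other IP version)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETWORKS)


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key in any `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)       # key -> timestamps of allowed requests

    def allow(self, key: str, now: float) -> bool:
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False                         # rejected hits do not count
        q.append(now)
        return True


def decide(line: str, limiter: SlidingWindowLimiter) -> str:
    """Cheapest checks first: static IP block, then geo, then the rate limit."""
    ts, ip, country, _path = line.split()
    if is_blocked_ip(ip):
        return "block:ip"
    if country in BLOCKED_COUNTRIES:
        return "block:geo"
    if not limiter.allow(ip, float(ts)):
        return "block:rate"
    return "allow"


def process(log: str) -> list:
    """Return (ip, decision) for each log line, in order."""
    limiter = SlidingWindowLimiter(RATE_LIMIT, WINDOW)
    return [(line.split()[1], decide(line, limiter))
            for line in log.splitlines() if line.strip()]
```

Keying the limiter by client IP is the simplest choice but punishes shoppers behind carrier-grade NAT; production filters usually key by IP plus session or by ASN for datacenter traffic, and apply tighter limits to login and checkout paths than to product pages.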
Security Concepts (7 terms)
Bot
An automated software program that performs tasks on the internet, often used for purchasing, scraping, or attacks.
CAPTCHA
A challenge-response test designed to determine if a user is human, protecting forms from automated abuse.
Credential Stuffing
An automated attack that uses stolen username/password combinations to attempt logins across multiple sites.
Honeypot
A decoy system, or a hidden form field that human visitors never see but bots fill in automatically, designed to detect and trap malicious activity like bots and hackers.
Phishing
Fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity in electronic communications.
Spear Phishing
A targeted phishing attack directed at specific individuals or organizations, using personalized information to appear legitimate.
Two-Factor Authentication (2FA)
A security method requiring two different kinds of factor to access an account, typically something you know (a password) plus something you have (an authenticator app code or hardware key), significantly reducing unauthorized access. Codes sent by SMS still count but are the weakest option because phone numbers can be hijacked.
Ecommerce Security (10 terms)
Card Testing
When fraudsters use your store to test stolen credit card numbers by making small purchases to verify which cards are still active.
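Card testing leaves a recognizable pattern in authorization attempts: one source cycling through many different cards, small amounts, and a high share of declines. The following detector is an added example, not SecurEcommerce code, run over constructed attempts. The card_token field stands for the token or fingerprint a payment processor returns (a store under PCI DSS never holds the card number itself); the window and thresholds are assumptions to be tuned against the store's normal traffic.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Attempt:
    ts: int            # unix time of the authorization attempt
    ip: str            # source IP (a session id works the same way)
    card_token: str    # processor token/fingerprint, never the card number
    amount: float
    approved: bool


# Constructed attempts: one IP cycling through seven cards at $1.00 with mostly
# declines, next to two ordinary shoppers (one of whom mistyped and retried).
ATTEMPTS = [
    Attempt(1700000000, "203.0.113.50", "tok_a1", 1.00, False),
    Attempt(1700000030, "203.0.113.50", "tok_b2", 1.00, False),
    Attempt(1700000060, "203.0.113.50", "tok_c3", 1.00, True),
    Attempt(1700000090, "203.0.113.50", "tok_d4", 1.00, False),
    Attempt(1700000120, "203.0.113.50", "tok_e5", 1.00, False),
    Attempt(1700000150, "203.0.113.50", "tok_f6", 1.00, True),
    Attempt(1700000180, "203.0.113.50", "tok_g7", 1.00, False),
    Attempt(1700000010, "198.51.100.7", "tok_h8", 59.99, True),
    Attempt(1700000020, "192.0.2.4", "tok_i9", 40.00, False),
    Attempt(1700000050, "192.0.2.4", "tok_i9", 40.00, True),
]


def flag_card_testing(attempts, window=600, min_cards=5,
                      min_attempts=3, max_decline_ratio=0.5):
    """Per source IP, slide a `window`-second window over its attempts and flag
    'many_cards' (>= min_cards distinct cards in the window) and/or
    'high_declines' (decline share above max_decline_ratio across at least
    min_attempts). Returns {ip: sorted reasons} for flagged sources only."""
    by_ip = defaultdict(list)
    for a in sorted(attempts, key=lambda a: a.ts):
        by_ip[a.ip].append(a)
    flagged = {}
    for ip, rows in by_ip.items():
        reasons = set()
        start = 0
        for end in range(len(rows)):
            while rows[end].ts - rows[start].ts > window:
                start += 1                       # advance the window's left edge
            win = rows[start:end + 1]
            if len({r.card_token for r in win}) >= min_cards:
                reasons.add("many_cards")
            if len(win) >= min_attempts:
                declines = sum(1 for r in win if not r.approved)
                if declines / len(win) > max_decline_ratio:
                    reasons.add("high_declines")
        if reasons:
            flagged[ip] = sorted(reasons)
    return flagged
```

A third signal worth adding is amount: test charges sit far below the store's average order value. Whatever the signals, the response is to block further authorizations from that source and alert the payment processor, because every approved test charge also costs you a transaction fee and, later, a chargeback.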
Chargeback Fraud
When a customer disputes a legitimate charge with their bank to receive a refund while keeping the purchased product.
Content Protection
Measures to prevent unauthorized copying of your website's content, images, and designs.
Content Security Policy (CSP)
An HTTP response header that tells browsers which sources of scripts, styles, images, and other resources a page may load, limiting the damage of cross-site scripting and other injection attacks.
Mixed Content
When a secure HTTPS page loads resources (images, scripts) over insecure HTTP. Those resources can be read or tampered with in transit, so browsers block them or warn the visitor.
PCI DSS Compliance
Payment Card Industry Data Security Standard - a set of security requirements for businesses that handle credit card information.
Right-Click Protection
Disabling the browser's right-click context menu to discourage casual saving of images and copying of text. It is a deterrent only: anyone can bypass it with view-source, the developer tools, or by turning off JavaScript, so it is no substitute for canary tokens or clone monitoring.
SSL/TLS
Encryption protocols that secure data transmitted between browsers and websites, shown by the padlock icon. SSL is the obsolete predecessor; modern sites use TLS 1.2 or 1.3.
Trust Badge
Visual indicators on your website that signal security and legitimacy to visitors.
Verified Seller
An authentication process that confirms a business or individual is a legitimate, authorized seller of the products they offer.
Protect Your Store Today
Understanding security is the first step. SecurEcommerce provides the tools to actually protect your Shopify store from these threats.
Get SecurEcommerce