Security Policy

Our site is not only scanned 24/7 by an independent company, we do not keep ANY sensitive information anywhere near our servers.  We utilize the latest 256-bit SSL security for all transactions, & have trained technicians who process every transaction, constantly checking for fraud. All credit cards are even processed on an ultra-secure server that belongs to the bank itself.
 
In over 150,000 transactions over the past 5 years, Essential Oil Exchange hasn't had a single customer's information compromised.  We take great pride in keeping your information safe, and will continue to keep up with all PCI requirements, self-assessments, and worldwide safety protocol standards to make sure that trend continues.


Security Monitoring

Monitoring is essential for effective e-commerce risk management.  Data generated by monitoring techniques allow EOX to measure performance and assess the effectiveness of security controls.

A.  Security Monitoring – EOX places a strong emphasis on using monitoring tools to identify vulnerabilities and, in a real-time mode, detect possible intrusions from external and internal parties (hackers).  As provided in the EOX internal security policy, staff instantly report security breaches promptly to appropriate management.

B.  Penetration Testing – Penetration testing is the process of identifying, isolating, and confirming possible flaws in the design and implementation of passwords, firewalls, encryption, and other security controls.  Tests simulate the probable actions of unauthorized and authorized users.  Because the tactics used by unauthorized users to infiltrate computer systems frequently change, penetration tests do no guarantee that firewalls will prevent all type of attacks.  EOX has contracted with a bonded outside firm that specializes in monitoring security for e-commerce carts to conduct penetration testing, provide results of those tests, and recommend manual or automated processes to ensure security.

C. Intrusion Detection – Transaction and audit logs are produced indicating network traffic on a real-time basis.  Systems are in place to notify the proper parties, or to terminate suspicious network connections.  Intrusion detection tools also enable management to maintain an incident database for tend analysis of network intrusions and attach attempts.