When a consumer visits a Sophio store, they usually land on a page with an address like this: http://www.sophio.com. Notice that the http is not https. When you see https, it is a 'secure' page, when you see http it is not secure. The Sophio system will change to https when we ask the visitor for personal information such as email address, or payment information. Sometimes the request is on a page that is insecure, but when the submit button is pressed, we send the personal information to an https page so that it is secure. We follow the PCI rules which are set by the government.
When it comes to passwords, your site will generate a password for each buyer. We do have a 'lost password' page that will email the system generated password to the consumer IF they had an account. Accounts are created for each buyer when they checkout of your store. We actually generate them a complex password that is only necessary when and if they return and want to login to their account. This password is given to the consumer when they checkout and can be seen on the email order confirmation as well as the on screen order confirmation. Some of our merchants have asked us to hide the password entirely. We have advanced settings to do that.
