Monthly suggestions and recommendations to help make your Crimson Circle experience smoother and easier!


Crimson Circle has a plan to keep a safe cyberspace, and it involves YOU. 

We will soon require multifactor authentication (MFA) to use the CC store. Please keep reading for more information!

As we mentioned in our CC tips article last month, we’re diving deeper into the realm of Safe Cyberspace. 

For this month’s article, we sat down with Jorge Merino, Crimson Circle Senior Director of Technologies, to get the inside scoop on how we’re safeguarding Crimson Circle’s systems. Jorge is the wizard behind the digital curtains, and we wanted to know what it takes to keep our sacred online space safe and secure, ensuring your safety while you roam our digital platforms. 

Shaumbra Magazine: Hi Jorge. The entire team has talked on numerous occasions about cyber security. We know you guys are always pretty busy working on this, but today we wanted you to give Shaumbra an inside look at Crimson Circle’s plan to make sure that both payment and personal information stay safe when they shop online in the CC store.

Jorge Merino
Crimson Circle
Senior Director of Technologies

Jorge Merino: Here at Crimson Circle, we want Shaumbra to feel safe and secure when sharing their personal information with us. That’s why our tech team follows strict PCI DSS regulations to keep payments and other details protected. These regulations are crucial for anyone who handles customer information, and we take them very seriously.

Surprisingly, not all companies do this, but it’s been a core principle for Crimson Circle from day one.

What is the PCI DSS?

It is the Payment Card Industry Data Security Standard, which is a global forum that develops standards for safe payments worldwide.

What do we need to do to comply with the standard?

We have been working hard to make sure that Shaumbra’s information is kept safe and protected. To do this, we have added extra measures to our servers. Every 90 days, we send a report to the PCI to check everything carefully. This report makes sure that all our databases are coded correctly and our software is updated.

We work very hard to check if our systems have any problems. We use special tools from other companies to test if someone can break into our systems. Our team leaders regularly check important parts of our business like the store, website, and online Connection Center. They are also ready to fix any problems that might come up.

What are some of the challenges you have to deal with?

Our websites always have a difficult task to keep up with changing internet programs. When the programs are updated, they might have new ways to keep the websites safe, which could affect how they work. To keep up, we update our software often and add new rules to follow these new policies.

Actually, the most demanding task we have is the constant upgrading of operating systems, programming languages, and databases, along with patching our systems and software.

What can Shaumbra do to stay safe while using our systems and other systems they encounter every day?

To make sure a device is safe and working well, one needs to do three things: update the system, update the web browser, and avoid adding plugins (Chrome has many plugins).

When you talk about plugins, is it the same as extensions?

That is correct. 

Plugins and extensions are programs that you can add to your web browser, such as Firefox, Chrome, Safari, and others. However, you need to be careful when using them because they may not be fully checked by the browser makers. Some of them can even take your private information, like passwords, without you knowing it. So, it’s important to be cautious when using them, and if possible, prevent all of them from being on your system.

Another important thing is to add an extra layer of security to your accounts by using multi-factor authentication or MFA. Many apps offer this feature, and I suggest using Google Authenticator, which is well-known and supported, or others from Microsoft or other vendors. 

Another option is allowing the application to send a confirmation email, which is the second most secure option. 

Some people prefer the SMS or text message option, but in my opinion, these are not very secure. 

Why are SMS not that secure?

If someone steals your phone, they can easily take out the chip or SIM card and use it on another phone and steal your identity. Also, it’s easy for someone to hack and impersonate you if they know your phone number. So, it’s better to use a more secure authentication method.

What if a website does not offer the MFA option?

For websites without the multifactor authentication option enabled, like ours at the moment, the good practice is to have passwords with 12 characters (including numbers and symbols) and change them at least every 90 days.

Will Crimson Circle implement this multi-factor authentication option to log into the store in the future?

Yes. This is a layer we have been working on for the past few months. We are implementing multifactor authentication, and will offer two options to verify your identity:

  • Use the Authenticator app
  • Send the emails with the access code 

We won’t be using text messaging because it’s not secure and we don’t want to risk it.

We plan to introduce this new feature for Shaumbra in October 2023. At first, it will be optional, so they can get used to it. Eventually, everyone will have to use it, like most Web applications nowadays.

Why does it have to be mandatory?

The PCI DSS rules will force everyone in the industry to use MFA. That’s why you see more sites, like Amazon, eBay, and even newspapers, making it mandatory to log in with MFA.

Can you give other examples of things Shaumbra should watch for to make sure that they are shopping safely ANYWHERE online? 

To check if a website is safe, you need to look for something called HTTPS:// protocol in the website’s address. If it is not there, or if the lock icon is broken or red, you should close the website quickly. 

Another thing to check is the website’s name in the address. If you see a “1” instead of an “i” or “0” instead of “o”, it might be a fake website made by hackers. They like to use similar names like 

Also, make sure there is nothing after the website’s name like 

The same applies to bank websites and other sites like Amazon, eBay, Mercado Libre, and many others.

Thank you for all this information and everything your team is doing to support our cyber security. We look forward to sharing more about this with Shaumbra very soon!

If you have any questions, please send us a note to 



    1. Igual que varios Shaumbra, yo estoy muy desactualizada en estos temas.
      Gracias por ayudarnos a entender sobre esto y ojalá se sigan haciendo estos comentarios de forma tan simple, concisa y clara como el actual.

  1. ¡Gracias Jorge!

    Just curious. Is by any chance the name of your father also Jorge (M. de Villasante) and your mother Susy? Because if so, you are my nephew. And in this case I would be marvelously surprised that someone of my original family is into conscious awakening.

    In any case thank you for what you do together with all at Crimson Circle.

    1. Hola Luis, thanks for asking. We are not relatives. 😅

      Being at the Crimson Circle is my massion, it came as a beautiful synchronicity and it has been a great experience to be part of the Crimson Circle Staff for the last almost 4 years, a pleasure to be at the service of Shaumbra.

  2. Bethscheider Antje

    Vielen Dank für diesen informativen Artikel. Als Nicht-IT-Expertin hat mir diese Erklärung in der Einfachheit und Verständlichkeit sehr gefallen.
    Großes Lob an alle im Team.

  3. Thank you indeed for making our use of website secure. My elderly brain balks each time a step is added to the security process. I mutter and grumble to myself .. ‘Oh no, not another thing for me to remember / forget’! But I understand the need and tell my brain to stop pretending it can’t cope with such things. 🙂

  4. Jorge, why are you recommending the non-secure, not encrypted HTTP protocol for websites when HTTPS is the recommended standard — and has been since 2016?

  5. Thank you CC team for having our best interest at heart. No being so terribly computer literate I will need to learn as I go, however I know I am in great hands. Many blessings.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top