Volusion Trust

Security

Volusion fosters a security-centric approach to developing and maintaining its ecommerce platform.

Encryption

Volusion uses industry leading encryption algorithms to encrypt sensitive data. While at rest, data is encrypted using AES-256. This is the algorithm used by the US Government and around the world to store data securely. And when data has to be sent over the internet, Voluison supports the use of TLS v1.2 to ensure data arrives securely.

Approach and Technologies

Volusion uses a defense-in-depth model to cyber security that includes market-leading commercial and open-source solutions at various layers. Network traffic is inspected using a web application firewall (WAF) and intrusion prevention system (IPS). Once through that layer, activity on servers is analyzed using a heuristic-based endpoint security solution. Changes to critical files are monitored using a file integrity monitoring (FIM) solution. All of these systems send logs to a centralized solution used to gain a comprehensive picture of suspicious or malicious activity.

Testing

Volusion understands that it isn’t good enough to build a secure ecommerce platform. You have to test it against real world threats. In addition to ongoing testing by highly experienced security team members, Volusion engages with a leading organization to perform penetration testing every six months. Finally, Volusion partners with a leader in the bug bounty space to manage an ongoing program to reward independent security researchers (white-hat hackers) to identify and responsibly disclose vulnerabilities.

Secure Payments

Volusion uses a variety of methods to ensure payments made on merchant stores are secure. Depending on the payment processor used by the merchant, the checkout process is either managed through a redirection or using an iFrame to capture payment data. At all times, shopper data (including credit card data) is sent using military-grade encryption.

Shared Responsibility

Keeping your Volusion store’s data secure is a shared responsibility between Volusion and you as the store owner. While Volusion manages the security of the software and infrastructure, it is equally important for merchants to manage store security such as administrative access and the use of third-party extensions properly.

See the chart below for an overview of Shared Responsibilities or view a detailed breakdown for each PCI requirement here.

Merchant

Responsible for store data and security

STORE DATA

Orders, Customers and Inventory

Themes and Assets

Products and Content

STORE SECURITY

Passwords and Authentication

User Roles and Permissions

Access via / to Third Party Integrations

Ecommerce Platform

Responsible for platform infrastructure and security

SOFTWARE

Payments Gateway

Interface and Dashboard

APIs

GLOBAL INFRASTRUCTURE

Databases

Servers

Disaster Recovery Backups

To report any security issues, please email [email protected].