Security Icon Security

Volusion fosters a security-centric approach to developing and maintaining its ecommerce platform.


Volusion uses industry leading encryption algorithms to encrypt sensitive data. While at rest, data is encrypted using AES-256. This is the algorithm used by the US Government and around the world to store data securely. And when data has to be sent over the internet, Voluison supports the use of TLS v1.2 to ensure data arrives securely.

Approach and Technologies

Volusion uses a defense-in-depth model to cyber security that includes market-leading commercial and open-source solutions at various layers. Network traffic is inspected using a web application firewall (WAF) and intrusion prevention system (IPS). Once through that layer, activity on servers is analyzed using a heuristic-based endpoint security solution. Changes to critical files are monitored using a file integrity monitoring (FIM) solution. All of these systems send logs to a centralized solution used to gain a comprehensive picture of suspicious or malicious activity.


Volusion understands that it isn’t good enough to build a secure ecommerce platform. You have to test it against real world threats. In addition to ongoing testing by highly experienced security team members, Volusion engages with a leading organization to perform penetration testing every six months. Finally, Volusion partners with a leader in the bug bounty space to manage an ongoing program to reward independent security researchers (white-hat hackers) to identify and responsibly disclose vulnerabilities.

Secure Payments

Volusion uses a variety of methods to ensure payments made on merchant stores are secure. Depending on the payment processor used by the merchant, the checkout process is either managed through a redirection or using an iFrame to capture payment data. At all times, shopper data (including credit card data) is sent using military-grade encryption.

Shared Responsibility

Keeping your Volusion store’s data secure is a shared responsibility between Volusion and you as the store owner. While Volusion manages the security of the software and infrastructure, it is equally important for merchants to manage store security such as administrative access and the use of third-party extensions properly.

See the chart below for an overview of Shared Responsibilities or view a detailed breakdown for each PCI requirement here.


Responsible for store data
and security


Orders, Customers and Inventory

Themes and Assets

Products and Content


Passwords and Authentication

User Roles and Permissions

Access via / to Third Party Integrations


Responsible for platform
infrastructure and security


Payments Gateway

Interface and Dashboard





Disaster Recovery Backups

FTo report any security issues please email [email protected].