Volusion uses industry-leading encryption algorithms to
encrypt sensitive data. While at rest, data is encrypted using
AES-256. This is the algorithm used by the US Government and
around the world to store data securely. And when data has to
be sent over the internet, Volusion supports the use of TLS
v1.2 to ensure data arrives securely.

Approach and Technologies

Volusion uses a defense-in-depth approach to cybersecurity that
includes market-leading commercial and open-source solutions
at various layers. Network traffic is inspected using a web
application firewall (WAF) and intrusion prevention system
(IPS). Once through that layer, activity on servers is
analyzed using a heuristic-based endpoint security solution.
Changes to critical files are monitored using a file integrity
monitoring (FIM) solution. All of these systems send logs to a
centralized solution used to gain a comprehensive picture of
suspicious or malicious activity.

Volusion understands that it isn’t good enough to build a
secure ecommerce platform. You have to test it against
real-world threats. In addition to ongoing testing by highly
experienced security team members, Volusion engages with a
leading organization to perform penetration testing every six
months. Finally, Volusion partners with a leader in the bug
bounty space to manage an ongoing program that rewards
independent security researchers (white-hat hackers) who
identify and responsibly disclose vulnerabilities.

Volusion uses a variety of methods to ensure payments made on
merchant stores are secure. Depending on the payment processor
used by the merchant, the checkout process is handled either
through a redirect or through an iFrame that captures payment
data. At all times, shopper data (including credit card data)
is sent using military-grade encryption.

Keeping your Volusion store’s data secure is a shared
responsibility between Volusion and you as the store owner.
While Volusion manages the security of the software and
infrastructure, it is equally important for merchants to manage
store security such as administrative access and the use of
third-party extensions properly.

See the chart below for an overview of Shared Responsibilities
or view a detailed breakdown for each PCI requirement.

Responsible for store data:
Orders, Customers and Inventory
Themes and Assets
Products and Content
Passwords and Authentication
User Roles and Permissions
Access via / to Third Party Integrations

Responsible for platform infrastructure and security