Volusion uses industry leading encryption algorithms to encrypt sensitive data. While at rest, data is encrypted using AES-256. This is the algorithm used by the US Government and around the world to store data securely. And when data has to be sent over the internet, Voluison supports the use of TLS v1.2 to ensure data arrives securely.
Approach and Technologies
Volusion uses a defense-in-depth model to cyber security that includes market-leading commercial and open-source solutions at various layers. Network traffic is inspected using a web application firewall (WAF) and intrusion prevention system (IPS). Once through that layer, activity on servers is analyzed using a heuristic-based endpoint security solution. Changes to critical files are monitored using a file integrity monitoring (FIM) solution. All of these systems send logs to a centralized solution used to gain a comprehensive picture of suspicious or malicious activity.
Volusion understands that it isn’t good enough to build a secure ecommerce platform. You have to test it against real world threats. In addition to ongoing testing by highly experienced security team members, Volusion engages with a leading organization to perform penetration testing every six months. Finally, Volusion partners with a leader in the bug bounty space to manage an ongoing program to reward independent security researchers (white-hat hackers) to identify and responsibly disclose vulnerabilities.
Volusion uses a variety of methods to ensure payments made on merchant stores are secure. Depending on the payment processor used by the merchant, the checkout process is either managed through a redirection or using an iFrame to capture payment data. At all times, shopper data (including credit card data) is sent using military-grade encryption.
Keeping your Volusion store’s data secure is a shared responsibility between Volusion and you as the store owner. While Volusion manages the security of the software and infrastructure, it is equally important for merchants to manage store security such as administrative access and the use of third-party extensions properly.
See the chart below for an overview of Shared Responsibilities or view a detailed breakdown for each PCI requirement here.
Responsible for store data and security
Orders, Customers and Inventory
Themes and Assets
Products and Content
Passwords and Authentication
User Roles and Permissions
Access via / to Third Party Integrations
Responsible for platform infrastructure and security