Encryption
Volusion uses industry-leading encryption algorithms to encrypt sensitive data. While at rest, data is encrypted using AES-256, the algorithm used by the U.S. Government and around the world to store data securely. When data has to be sent over the internet, Volusion supports the use of TLS v1.2 to ensure that data arrives securely.
Approach & Technologies
Volusion uses a defense-in-depth approach to cyber security that includes market-leading commercial and open-source solutions at various layers. Network traffic is inspected using a web application firewall (WAF) and intrusion prevention system (IPS). Once through that layer, activity on servers is analyzed using a heuristic-based endpoint security solution. Changes to critical files are monitored using a file integrity monitoring (FIM) solution. All of these systems send logs to a centralized solution used to gain a comprehensive picture of suspicious or malicious activity.
Testing
Volusion understands that it isn’t good enough to build a secure ecommerce platform; it must be tested against real-world threats. In addition to ongoing testing by highly experienced security team members, Volusion engages with a leading organization to perform penetration testing every six months. Finally, Volusion partners with a leader in the bug bounty space to manage an ongoing program that rewards independent security researchers (white-hat hackers) for identifying and responsibly disclosing vulnerabilities. To report any security issues, please email security@volusion.com.
Payments
Volusion uses a variety of methods to ensure that payments made on merchant stores are secure. Namely, our payments infrastructure is built on a Payments Orchestration platform that manages the entire payment process from start to finish. At all times, shopper data (including credit card data) is sent using military-grade encryption.
PCI Compliance: Our platform has maintained compliance with the Payment Card Industry’s Data Security Standard (PCI DSS) since early 2006. Categorized as a Level 1 Service Provider, Volusion is held to the strictest level of compliance to the PCI DSS. You can request an Attestation of Compliance (AOC) here.
SSL Certificates: Every current pricing plan includes a 256-bit encryption SSL certificate, which is automatically installed when the store goes live. Merchants who prefer different levels of security/encryption may purchase other SSL certificates we offer or can purchase from a third party ($99 transfer fee).