Security
Volusion fosters a security-centric approach to developing and maintaining its ecommerce platform.
Encryption
Volusion uses industry-leading encryption algorithms to encrypt sensitive data. At rest, data is encrypted using AES-256, the algorithm used by the US Government and around the world to store data securely. When data has to be sent over the internet, Volusion supports the use of TLS v1.2 to ensure data arrives securely.
Approach and Technologies
Volusion takes a defense-in-depth approach to cyber security that includes market-leading commercial and open-source solutions at various layers. Network traffic is inspected using a web application firewall (WAF) and intrusion prevention system (IPS). Once through that layer, activity on servers is analyzed using a heuristic-based endpoint security solution. Changes to critical files are monitored using a file integrity monitoring (FIM) solution. All of these systems send logs to a centralized solution used to gain a comprehensive picture of suspicious or malicious activity.
Testing
Volusion understands that it isn’t good enough to build a secure ecommerce platform. You have to test it against real-world threats. In addition to ongoing testing by highly experienced security team members, Volusion engages with a leading organization to perform penetration testing every six months. Finally, Volusion partners with a leader in the bug bounty space to manage an ongoing program that rewards independent security researchers (white-hat hackers) for identifying and responsibly disclosing vulnerabilities.
Secure Payments
Volusion uses a variety of methods to ensure payments made on merchant stores are secure. Depending on the payment processor used by the merchant, the checkout process is either managed through a redirection or using an iFrame to capture payment data. At all times, shopper data (including credit card data) is sent using military-grade encryption.
Shared Responsibility
Keeping your Volusion store’s data secure is a shared responsibility between Volusion and you as the store owner. While Volusion manages the security of the software and infrastructure, it is equally important for merchants to manage store security such as administrative access and the use of third-party extensions properly.
See the chart below for an overview of Shared Responsibilities or view a detailed breakdown for each PCI requirement here.
Merchant
Responsible for store data and security
Orders, Customers and Inventory
Themes and Assets
Products and Content
Passwords and Authentication
User Roles and Permissions
Access via / to Third Party Integrations
Ecommerce Platform
Responsible for platform infrastructure and security
Payments Gateway
Interface and Dashboard
APIs
Databases
Servers
Disaster Recovery Backups
To report any security issues, please email security@volusion.com.