Volusion uses industry-leading encryption algorithms to encrypt sensitive data. While at rest, data is encrypted using AES-256, the algorithm used by the U.S. Government and around the world to store data securely. When data has to be sent over the internet, Voluison supports the use of TLS v1.2 to ensure that data arrives securely.
Volusion uses a defense-in-depth model to cyber security that includes market-leading commercial and open-source solutions at various layers. Network traffic is inspected using a web application firewall (WAF) and intrusion prevention system (IPS). Once through that layer, activity on servers is analyzed using a heuristic-based endpoint security solution. Changes to critical files are monitored using a file integrity monitoring (FIM) solution. All of these systems send logs to a centralized solution used to gain a comprehensive picture of suspicious or malicious activity.
Volusion understands that it isn’t good enough to build a secure ecommerce platform—it must be tested against real-world threats. In addition to ongoing testing by highly experienced security team members, Volusion engages with a leading organization to perform penetration testing every six months. Finally, Volusion partners with a leader in the bug bounty space to manage an ongoing program to reward independent security researchers (white-hat hackers) to identify and responsibly disclose vulnerabilities. To report any security issues, please email security@volusion.com.
Volusion uses a variety of methods to ensure that payments made on merchant stores are secure. Namely, our payments infrastructure is built on a Payments Orchestration platform that manages the entire payment process from start to finish. At all times, shopper data (including credit card data) is sent using military-grade encryption.
Our platform has maintained compliance with the Payment Card Industry’s Data Security Standard (PCI DSS) since early 2006. Categorized as a Level 1 Service Provider, Voluison is held to the strictest level of compliance to the PCI DSS. You can request an Attestation of Compliance (AOC) here.
Every current pricing plan includes a 256-bit encryption SSL certificate, which is automatically installed when the store goes live. Merchants who prefer different levels of security/encryption may purchase SSLs from a third party ($149 transfer fee).
One of the foundational elements of trust with an organization is the privacy of the data entrusted to them. It should be clearly defined what personal data the organization collects and how it is used. At Volusion, we approach everything we do with the privacy of the data entrusted to us top-of-mind. You can read our Privacy Policy here.*
*If you would like to submit a request regarding your personal data as a shopper visiting a Volusion-hosted store, please do so here. All others wishing to submit requests regarding their personal data including Volusion merchants, prospective merchants, partners, vendors, employees, and site visitors may use this link.