Skip to main content

Safeguarding Your Data Is Our #1 Priority

As an ally in protecting your data, Transact has created this Security & Trust Center as a centralized resource where you can find the latest information about our data security practices, protocols, and compliance.

A Framework for Success

We adopt a comprehensive approach to protecting your information security interests. Transact follows the risk-based standards of the U.S. Commerce Department's National Institute of Standards and Technology (NIST) cybersecurity framework:

 

Identify

foundational business needs, functions and risks

 

Protect

information by installing robust safeguards

 

Detect

and contain potential incidents quickly

 

Respond

to incidents and mitigate risks

 

Recover

systems and data with as minimal disruption as possible

Security Rating

The BitSight Security Rating is the industry's only cybersecurity rating independently correlated to the likelihood of a cyber breach and an organization's stock performance. The BitSight security rating works much like a credit rating and is trusted by 20% of Fortune 1000 companies, the Big 4 accounting firms and insurance companies that underwrite 50% of the global insurance premiums.*

*According to BitSight (https://www.bitsight.com/security-ratings)

Attestations and Compliance

To ensure that our customers' data confidentiality, integrity and availability are maintained, Transact conducts multiple internal and third-party audits on a scheduled basis. Our external certifications include:

A Service Organization Control (SOC) 2 Type II Certification Logo

Transact is committed to quality control and maintaining our high standards. Service Organization Control (SOC) 2 Type II certification demonstrates that an independent accounting and auditing firm has reviewed and examined an organization's control objectives and activities and tested those controls to ensure that they are operating effectively.

Request a Copy
Payment Card Industry Data Security Standard Logo

Transact customers can rest assured that their credit card information is protected. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment.


Request a Copy
Visa on The List Badge

We are proud to be listed on Visa's global registry of service providers. This prestigious list is the payment industry's go-to source for information on registered and compliant agents providing payment-related services to Visa clients and merchants.

View Now
TX Ramp Certified Logo

Transact's cloud computing products have been certified through the Texas Risk and Authorization Management Program (TX-RAMP). This certification highlights our ability to provide secure and reliable solutions that meet stringent compliance standards.

View Now

Policies, Protocols and Practices

We believe in being transparent about the way Transact conducts business. Here are the ways that we demonstrate our commitment to being a partner that you can trust and depend on:

Application Security
Transact has implemented a secure software development lifecycle (secure SDL), requiring our product teams to include security training, tools, and processes that are in alignment with the Open Web Application Security Project (OWASP) and NIST. These guidelines include secure coding implementation in application architecture, authentication, session management, access controls and authorization, event logging, and data validation.

Network Security
Transact's network architecture ensures that sensitive data is protected through best business practice security policies and procedures. This includes hardened router configurations, network segmentation, Distributed Denial of Service (DDoS) protections, proactive monitoring, active vulnerability assessments, digital certificates, etc.

Host-Based Security
Transact employs a hardened, approved, and standardized build for every type of server used within the production infrastructure. This procedure disables unnecessary default user IDs, closes unnecessary or potentially dangerous services and ports, and removes processes that are not required.

Disaster Recovery, Business Continuity and Incident Response
Transact uses a high-availability architecture to ensure that, in the event of a failure, service performance continues to meet client expectations. Transact also maintains SOC 2 Type II, which requires the production, maintenance, and testing of a Disaster Recovery Plan (DRP). The current DRP is a formal recovery procedure for recovering the entire application in a different region. The DRP is tabletop tested annually and Transact also performs disaster simulations to test failover to secondary systems.
Privacy Policy
Cookie Policy
Accessibility Policy


$331B+
Transactions Facilitated
Since 2017

$53BTransactions Facilitated

12M+ Customers Served Annually

Transact is Trusted By More Than 1,940 Higher Education Institutions

Key Reasons Campuses Nationwide Trust Us

App & Mobile Website Award Icon

2022 Gold Stevie® Award:
App & Mobile Website
Transact Mobile Credential

Most Innovative Tech Company Award Icon

2022 Silver Stevie® Award:
Most Innovative Tech Company
Up to 2,500 employees

New Product, FinTech Solution Award Icon

2022 Silver Stevie® Award:
New Product, FinTech Solution
Transact International Payments

App & Mobile Website Award Icon

2022 Bronze Stevie® Award:
App & Mobile Website
Transact Mobile Ordering

Subscribe to Transact Updates

Subscribe Now