Safeguarding Your Data Is Our #1 Priority
As an ally in protecting your data, Transact has created this Security & Trust Center as a centralized resource where you can find the latest information about our data security practices, protocols, and compliance.
A Framework for Success
We adopt a comprehensive approach to protecting your information security interests. Transact follows the risk-based standards of the U.S. Commerce Department's National Institute of Standards and Technology (NIST) cybersecurity framework:
Identify foundational business needs, functions and risks
Protect information by installing robust safeguards
Detect and contain potential incidents quickly
Respond to incidents and mitigate risks
Recover systems and data with as little disruption as possible
Security Rating
The BitSight Security Rating is the industry's only cybersecurity rating independently correlated to the likelihood of a cyber breach and an organization's stock performance. The BitSight security rating works much like a credit rating and is trusted by 20% of Fortune 1000 companies, the Big 4 accounting firms and insurance companies that underwrite 50% of the global insurance premiums.*
*According to BitSight (https://www.bitsight.com/security-ratings)
Attestations and Compliance
To ensure that our customers' data confidentiality, integrity and availability are maintained, Transact conducts multiple internal and third-party audits on a scheduled basis. Our external certifications include:
Transact is committed to quality control and maintaining our high standards. Service Organization Control (SOC) 2 Type II certification demonstrates that an independent accounting and auditing firm has reviewed and examined an organization's control objectives and activities and tested those controls to ensure that they are operating effectively.
Transact customers can rest assured that their credit card information is protected. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment.
We are proud to be listed on Visa's global registry of service providers. This prestigious list is the payment industry's go-to source for information on registered and compliant agents providing payment-related services to Visa clients and merchants.
Transact's cloud computing products have been certified through the Texas Risk and Authorization Management Program (TX-RAMP). This certification highlights our ability to provide secure and reliable solutions that meet stringent compliance standards.
Policies, Protocols and Practices
We believe in being transparent about the way Transact conducts business. Here are the ways that we demonstrate our commitment to being a partner that you can trust and depend on:
Transact has implemented a secure software development lifecycle (secure SDL), requiring our product teams to include security training, tools, and processes that are in alignment with the Open Web Application Security Project (OWASP) and NIST. These guidelines include secure coding implementation in application architecture, authentication, session management, access controls and authorization, event logging, and data validation.
Network Security
Transact's network architecture ensures that sensitive data is protected through best business practice security policies and procedures. This includes hardened router configurations, network segmentation, Distributed Denial of Service (DDoS) protections, proactive monitoring, active vulnerability assessments, digital certificates, etc.
Host-Based Security
Transact employs a hardened, approved, and standardized build for every type of server used within the production infrastructure. This procedure disables unnecessary default user IDs, closes unnecessary or potentially dangerous services and ports, and removes processes that are not required.
Disaster Recovery, Business Continuity and Incident Response
Transact uses a high-availability architecture to ensure that, in the event of a failure, service performance continues to meet client expectations. Transact also maintains SOC 2 Type II, which requires the production, maintenance, and testing of a Disaster Recovery Plan (DRP). The current DRP is a formal recovery procedure for recovering the entire application in a different region. The DRP is tabletop tested annually and Transact also performs disaster simulations to test failover to secondary systems.
$331B+ Transactions Facilitated Since 2017
$53B Transactions Facilitated
12M+ Customers Served Annually