Press release

Transact’s Practices for Security, Confidentiality and Availability Stand up to Scrutiny as Company Successfully Completes Annual SOC 2 Type 2 Examination, PCI DSS Assessment, and Penetration Tests

Sponsored by Businesswire

While the pandemic environment has introduced new security risks and elevated current ones, Transact’s practices for security, confidentiality and availability continue to stand up to scrutiny. Today Transact, the leader in innovative payment solutions for a connected campus, announced the successful completion of its annual SOC 2 Type 2 examination, PCI DSS assessment, and penetration tests.

This press release features multimedia. View the full release here:

As a best practice, Transact regularly tests the effectiveness of the various security measures through a combination of automated scanning systems and penetration tests. Transact has a longstanding reputation for strict adherence with relevant regulations.

Transact’s SOC 2 Type 2 examination covered Transact’s cloud-hosted products related to the AICPA Trust Services Criteria for Security, Confidentiality and Availability; providing assurance that controls were designed and placed into operation over a period of time. The PCI DSS assessment covered the company’s procedures for managing payment card information for its Payments and TS SaaS products. Lastly, penetration testing evaluated the performance of the company’s cybersecurity controls for those same products in a real-world scenario.

“These achievements reflect Transact’s commitment to data security, while giving them a competitive edge in their industry,” said Danielle Kucera, Co-Founder and Quality Director, 360 Advanced, Inc., the third-party auditor. “Our integrated engagement not only allows Transact’s clients insight as to how Transact safeguards customer data, but also provides critical feedback regarding the operational effectiveness of controls.”

“It is a point of pride that our technologies are compliant with all relevant regulations and that we go above and beyond industry requirements for data security,” said Brian Austin, Chief Technology Officer, Transact. “Our compliance and information security efforts include regular daily, weekly and annual testing to identify and address weaknesses and validate corrections.”

“We highly value the feedback we get from our auditors at 360 Advanced,” continued Austin. “Their strong technology backgrounds and focus on service providers help us raise the bar for our data security, confidentiality and availability practices.”

In addition, the company recently received its annual Attestation of Compliance (AoC) for the Payment Card Industry Data Security Standard (PCI DSS). The AoC, which was also completed by third-party assessor 360 Advanced, documented that Transact has upheld security best practices to protect cardholder data. The company has maintained full compliance with the PCI program since its creation in 2006.

Transact is also certified as a Level 1 Service Provider under both VISA Cardholder Information Security Program (CISP) and MasterCard Site Data Protection (SDP).

Further, Transact successfully completed its Nacha ACH Rules Compliance Audit that confirmed compliance with NACHA rules for safeguarding customers’ sensitive financial and non-financial data and ensuring ACH transactions are handled smoothly and securely.

For more information, visit and


About Transact

Transact is the leader in innovative payment solutions for a connected campus. Its highly configurable, mobile-centric campus technology ecosystem simplifies the student experience across the full spectrum of student life. Transact’s offerings include integrated solutions for tuition and other student expense payments, multi-purpose campus IDs, and campus commerce. With a long-standing reputation of serving the higher education community, Transact proudly assists millions of students each year with its innovative products and solutions. For more information, visit

About 360 Advanced

360 Advanced is “Making Better Businesses” through their Cybersecurity and Compliance offerings. Services provided include SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, SOC for Supply Chain, CSA STAR, HIPAA/HITECH, ISO 27001, PCI-DSS, HITRUST CSF, Microsoft SSPA Attestation, Penetration Testing, GDPR, CCPA, CMMC and more. In certain states, 360 Advanced may operate under the name of Hiestand, Brand, Loughran, P.A. to meet State Board requirements for CPA firms. To learn more about 360 Advanced, visit

For more information on compliance solutions, contact Jim Brennan at