Safeguarding Your Data Is Our #1 Priority

As an ally in protecting your data, Transact has created this Security & Trust Center as a centralized resource where you can find the latest information about our data security practices, protocols, and compliance.

A Framework for Success

We adopt a comprehensive approach to protecting your information security interests. Transact follows the risk-based standards of the U.S. Commerce Department's National Institute of Standards and Technology (NIST) cybersecurity framework:



foundational business needs, functions and risks



information by installing robust safeguards



and contain potential incidents quickly



to incidents and mitigate risks



systems and data with as minimal disruption as possible

Security Rating

The BitSight Security Rating is the industry's only cybersecurity rating independently correlated to the likelihood of a cyber breach and an organization's stock performance. The BitSight security rating works much like a credit rating and is trusted by 20% of Fortune 1000 companies, the Big 4 accounting firms and insurance companies that underwrite 50% of the global insurance premiums.*

*According to BitSight (

Attestations and Compliance

To ensure that our customers' data confidentiality, integrity and availability are maintained, Transact conducts multiple internal and third-party audits on a scheduled basis. Our external certifications and compliances include:

A Service Organization Control (SOC) 2 Type II Certification Logo

Transact is committed to quality control and maintaining our high standards. Service Organization Control (SOC) 2 Type II certification demonstrates that an independent accounting and auditing firm has reviewed and examined an organization's control objectives and activities and tested those controls to ensure that they are operating effectively.

Request a Copy
Payment Card Industry Data Security Standard Logo

Transact customers can rest assured that their credit card information is protected. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment.

Request a Copy
Visa on The List Badge

At Transact Campus, we prioritize the security of our products and the protection of our customers' data. We are proud to be listed on Visa's global registry of service providers. This prestigious list is the payment industry's go-to source for information on registered and compliant agents providing payment-related services to Visa clients and merchants.

Being included in this registry is a testament to our commitment to data security and cardholder data protection. It highlights our continuous investment in creating a secure and trustworthy payment system for our customers. With Transact Campus, you can be confident that your payment transactions are handled with the highest standards of security and compliance.

View Transact's entry on The List

Policies, Protocols and Practices

We believe in being transparent about the way Transact conducts business. Here are the ways that we demonstrate our commitment to being a partner that you can trust and depend on:

Application Security
Transact has implemented a secure software development lifecycle (secure SDL), requiring our product teams to include security training, tools, and processes that are in alignment with the Open Web Application Security Project (OWASP) and NIST. These guidelines include secure coding implementation in application architecture, authentication, session management, access controls and authorization, event logging, and data validation.

Network Security
Transact's network architecture ensures that sensitive data is protected through best business practice security policies and procedures. This includes hardened router configurations, network segmentation, Distributed Denial of Service (DDoS) protections, proactive monitoring, active vulnerability assessments, digital certificates, etc.

Host-Based Security
Transact employs a hardened, approved, and standardized build for every type of server used within the production infrastructure. This procedure disables unnecessary default user IDs, closes unnecessary or potentially dangerous services and ports, and removes processes that are not required.

Disaster Recovery, Business Continuity and Incident Response
Transact uses a high-availability architecture to ensure that, in the event of a failure, service performance continues to meet client expectations. Transact also maintains SOC 2 Type II, which requires the production, maintenance, and testing of a Disaster Recovery Plan (DRP). The current DRP is a formal recovery procedure for recovering the entire application in a different region. The DRP is tabletop tested annually and Transact also performs disaster simulations to test failover to secondary systems.

Transactions Facilitated
Since 2017

$53BTransactions Facilitated

12M+ Customers Served Annually

Transact is Trusted By More Than 1,940 Higher Education Institutions

Key Reasons Campuses Nationwide Trust Us

App & Mobile Website Award Icon

2022 Gold Stevie® Award:
App & Mobile Website
Transact Mobile Credential

Most Innovative Tech Company Award Icon

2022 Silver Stevie® Award:
Most Innovative Tech Company
Up to 2,500 employees

New Product, FinTech Solution Award Icon

2022 Silver Stevie® Award:
New Product, FinTech Solution
Transact International Payments

App & Mobile Website Award Icon

2022 Bronze Stevie® Award:
App & Mobile Website
Transact Mobile Ordering

Subscribe to Transact Updates