The security of your donors’ data and their payment information is one of our top priorities at Kimbia. Therefore, we put immense effort and focus into PCI security and compliance each and every year to ensure we remain up to date with the latest security measures and meet the absolute highest security standards on the market.
We invest in getting the highest and most stringent third-party audits and certifications possible. Each year, we perform three formal security activities:
- PCI DSS Level 1 Certification: Level 1 certification is the highest level of audit and deepest level of third-party verification of security practices for online transactions available. Kimbia never stores financially sensitive personal information, such as credit card numbers, checking account numbers or any other payment account information. We work with banking and payment networks whenever possible to vault the account information and work with secure tokens in its place. Furthermore, we leverage the fraud detection and protection capabilities of gateway, banking and payment networks in a patented way to amplify that protection for all our clients. We have always maintained our PCI DSS compliance.
- SOC 1 Type II Annual Audit: This annual audit is performed by a third-party firm with credentials to validate and verify our financial reporting systems and security practices. The audit focuses on the policies and practices of the financially-oriented information services we provide to our clients and other organizations. We perform this audit each year to ensure that we “practice what we preach” and are fully compliant. We added this certification in 2014.
- Annual Ethical Hacking Review: Each year, we partner with one of the largest financial institutions in the country to perform an “ethical hack.” Since 2014, we have endorsed and supported this effort to continually improve our security posture and go beyond the auditing standards. Security is more than a set of policies; it is a cultural value at Kimbia.
If you would like more information about our PCI and security standards or would like a copy of our PCI Attestation of Compliance (AOC), please contact us using the form below.