Kimbia is Payment Card Industry Data Security Standard (PCI DSS 3.0) Level 1 certified – the highest available standard for credit card information security and privacy in the payment processing industry. In order to maintain this certification, each year Kimbia undergoes an audit performed by an independent auditor referred to as a Qualified Security Assessor (QSA).
The PCI DSS security requirements are endorsed by the PCI Security Standards Council, founded by a consortium of major credit card brands including Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services, and JCB, to enhance credit and debit card data security.
Although other companies may claim to be PCI Compliant, organizations seeking to reduce the risk of storing sensitive donor credit card information should require Level 1 compliance.
Kimbia also subjects itself to an annual audit of its internal controls, performed by independent auditors of a CPA firm. Our most recent audit resulted in a “clean,” unqualified opinion in the auditor’s report – the strongest possible outcome of such an audit.
An SSAE16 SOC 1 audit report is issued under the guidelines put forth by the Statement on Standards for Attestation Engagements Number 16, which replaced the prior Statement of Auditing Standards Number 70 (SAS 70) standard. As a Type II report (the most comprehensive audit and report possible), the auditors’ opinion covered both the design and operating effectiveness of Kimbia’s internal control environment, inspecting both Kimbia’s software development environment and its business controls.
Although other companies may describe the server hosting environment of their software as SSAE16 SOC 1 compliant, few if any can claim that their company’s business and development environment have successfully completed such an audit with a positive result.
KIMBIA NOT AFFECTED BY HEARTBLEED
Heartbleed is a recently discovered vulnerability affecting secure websites. Heartbleed is a defect in OpenSSL, a core cryptographic library that is used to protect communications on the Internet. This defect has been in existence since 2012.
Kimbia and Kimbia solutions are not and never were affected by this vulnerability.
Kimbia is committed to protecting our clients’ data, and we continuously reinforce our systems to ensure you have the most robust account security.