Our Accreditations

PCI Participating Organization – we are a member of the Payment Card Industry Security Council so our knowledge and skills are at the forefront of the industry

PCI DSS Level One Service Provider – we have been continuously PCI DSS compliant since 2010

Systems and Organization Controls 2 (SOC 2): By engaging an independent CPA to examine and report on a service organization’s controls, service organizations can respond to meet the needs of their user entities and obtain an objective evaluation of the effectiveness of controls that address operations and compliance, as well as financial reporting at those user entities.

The examination was performed by an independent CPA firm for the scope of service described below.

Examination Scope:  Secure Payment Solutions

Selected SOC 2 Categories:  Security

Examination Type:  Type 2

Review Period: March 1, 2024, to February 28, 2025

Service Auditor: Schellman & Company, LLC

Cyber Essentials Plus: We are proud to be certified under the Cyber Essentials Plus program, a vital component of the UK Government's cybersecurity scheme. Established in 2014, this initiative mandates certification for suppliers serving central government bodies, ensuring robust protection against common cyber threats. Our commitment to Cyber Essentials Plus underscores our dedication to safeguarding our systems and data against evolving online risks.

Cyber Essentials: We are certified under the UK Government Cyber Essentials scheme, established to protect organizations against common online threats. Since its launch in 2014, the Government mandated all suppliers working for central government organizations to be certified against the Cyber Essentials scheme.

G-Cloud / Crown Commercial Service: The Crown Commercial Service (CCS) brings together policy, advice and direct buying; providing commercial services to the public sector and saving money or the taxpayer. Eckoh is listed on the Crown Commercial Service Cloud Framework and so have access to public sector organizations looking for these solutions

ISO 27001: This ensures that we manage the security of assets such as financial information, intellectual property, employee details or information entrusted to us by third parties.

ISO 9001: This demonstrates our Quality Management System process and our ability to consistently provide our solutions and services to meet customer and regulatory requirements.

Visa Validated Service Provider: The Visa Global Registry of Service Providers (the Registry), located at (www.visa.com/onthelist) acknowledges service providers that have shown their commitment to security by meeting the requirements of the PCI Standard.

The Mastercard SDP Compliant Registered Service Provider List: A company’s name appears on this SDP Compliant Registered Service Provider List if (i) Mastercard records reflect the company is registered as a Service Provider by one or more Mastercard Customers and (ii) Mastercard has received a copy of an Attestation of Compliance (AOC) by an appropriate PCI SSC approved Qualified Security Assessor (QSA) reflecting validation of the company being PCI compliant.