Which payment processors have both SOC 2 and ISO 27001?

Among major US payment processors, Amazon/AWS, Square, Stripe, and PayPal all hold both SOC 2 Type II and ISO 27001 certifications. Authorize.Net (a Visa subsidiary) maintains SOC 2 Type II and PCI DSS Level 1 but does not publicly list ISO 27001 certification as of 2025.

← All questions

Merchant Brief

A short Monday email covering payment processor updates—rate shifts, new fees, surcharge rules, and policy changes tuned for B2B SaaS Tools for SMBs merchants. Only what affects your margins.

Which payment processors have both SOC 2 and ISO 27001?

Weekly rate changes. No noise.