Cyber Security Services for E-Commerce Businesses

Assess and test your cyber security, manage risk, and maintain compliance, all streamlined in one place with STRATICA.

  • How do you uphold your customers' trust and keep their data safe?
  • How do you maintain the security of your data to protect your business?
  • Did you know that you are required to conduct regular vulnerability scans and uphold a cyber security risk management framework?

STRATICA provides the tools and software to streamline all of your cyber security and PCI compliance activities in one place.

  • Take back the ownership of your time and priorities. We’re here to remove the stress of your cyber security.
  • At STRATICA, we use our exclusive, Australian-hosted VigiOne portal (StraticaOne) to streamline the PCI compliance review process and jointly sign off with you.
  • STRATICA has relationships with reputable and highly experienced Approved Scanning Vendors (ASVs) and can manage the scans and penetration testing for you from start to finish.

Do you have a team that requires cyber security knowledge and training? Our Cyber Security Consultants and Cyber Forensic Investigators provide staff awareness training, with valuable take-away resources to inform your team and strengthen your cyber security.

PCI DSS recommends the following for a cyber risk assessment –

  • Get advice. Ask STRATICA about partnerships with PCI Approved Scanning Vendors (ASVs); STRATICA can arrange this for you. The PCI Security Standards Council website also publishes the list of approved ASVs.
  • Select a Scanner.
  • Run your scans and address vulnerabilities. Ask your PCI ASV for help correcting issues found by scanning.

PCI DSS recommends the following activities for cyber risk management –

  • Create a policy governing security controls according to industry standard best practice (for example ISO 27001)
  • Regularly scan systems for vulnerabilities
  • Create a remediation schedule based on risk and priority
  • Pre-test and deploy patches
  • Rescan to verify compliance
  • Update security software with the most current signatures and technology
  • Use only software or systems that were securely developed by industry standard best practices

Yes. There is a requirement to operate a cyber security risk management process. This is Requirement 12.2 (an annual risk assessment) in PCI DSS v3.2.1, and it continues as Requirement 12.3 (formally identifying, evaluating and managing risks to the cardholder data environment, including targeted risk analyses) in PCI DSS v4.0.

Under Requirement 11.2 of PCI DSS v3.2.1 (Requirement 11.3.2 in v4.0), you must complete an external vulnerability scan by an ASV at least once every three months, and rescan after remediation until a passing scan is achieved.
A list of Approved Scanning Vendors is published on the PCI Security Standards Council website. STRATICA can recommend and help you choose your ASV partner.

As the PCI Security Standards Council defines them, “ASVs are approved by the [PCI] Council to validate adherence to the PCI DSS scan requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers.” Only an ASV scan can be attested for compliance. An unofficial scan run with your own scanning tool (often freeware) is still useful for finding and fixing issues before the ASV scan, but it cannot be attested or used for official compliance.

An internal scan is run from inside your business network, whereas an external scan is run from outside it, against your Internet-facing systems. “To demonstrate compliance, internal scans must not contain high-risk vulnerabilities in any component in the cardholder data environment. For external scans, none of those components may contain any vulnerability that has been assigned a Common Vulnerability Scoring System (CVSS) base score equal to or higher than 4.0.” Note that the external threshold is inclusive: a finding scored exactly 4.0 fails the scan.
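The pass criteria above, together with the scan, remediate, rescan cycle listed under the risk management activities, can be checked mechanically on scan output. The following is an added example written for this page, not STRATICA's portal or any ASV's tooling. It assumes an internal "high-risk" finding is one with a CVSS base score of 7.0 or above (the CVSS v3 "High" band; your own risk ranking under Requirement 6 may differ), assumes illustrative remediation SLAs in days, and uses constructed sample findings rather than real scanner output.

```python
from dataclasses import dataclass

# Pass criteria quoted on this page from the PCI DSS ASV programme:
EXTERNAL_FAIL_CVSS = 4.0   # an external (ASV) scan fails on any CVSS base score >= 4.0 (inclusive)

# Assumption (not from the page): "high-risk" for internal scans mapped to CVSS base >= 7.0.
INTERNAL_HIGH_CVSS = 7.0

# Assumption (not from the page): remediation SLA in days per severity band.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    host: str
    title: str
    cvss: float        # CVSS base score, 0.0 to 10.0
    scope: str         # "external" or "internal"


def severity(cvss: float) -> str:
    """CVSS v3 qualitative bands: 9.0+ critical, 7.0+ high, 4.0+ medium, else low."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def blocks_compliance(f: Finding) -> bool:
    """True if this one finding alone would fail the scan it belongs to."""
    if f.scope == "external":
        return f.cvss >= EXTERNAL_FAIL_CVSS
    if f.scope == "internal":
        return f.cvss >= INTERNAL_HIGH_CVSS
    raise ValueError(f"unknown scan scope: {f.scope!r}")


def scan_passes(findings, scope: str) -> bool:
    """Apply the pass criterion across every finding from one scan scope."""
    return not any(blocks_compliance(f) for f in findings if f.scope == scope)


def remediation_schedule(findings):
    """Rank findings: compliance-blocking ones first, then by CVSS descending; attach an SLA."""
    ranked = sorted(findings, key=lambda f: (not blocks_compliance(f), -f.cvss))
    return [(f, severity(f.cvss), SLA_DAYS[severity(f.cvss)]) for f in ranked]


def rescan_residual(before, after):
    """After a rescan, return the findings that were already known and still block compliance."""
    known = {(f.host, f.title) for f in before}
    return [f for f in after if (f.host, f.title) in known and blocks_compliance(f)]


# Constructed sample findings; hosts and titles are illustrative, not real scan results.
SAMPLE = [
    Finding("shop.example.com", "TLS 1.0 enabled on HTTPS listener", 4.0, "external"),  # exactly 4.0: fails ASV
    Finding("shop.example.com", "Server banner discloses version", 3.9, "external"),    # below 4.0: passes
    Finding("db01.internal", "Unsupported database version", 7.0, "internal"),        # high: fails internal
    Finding("app01.internal", "Weak cipher suite offered", 6.9, "internal"),           # medium: passes internal
]

if __name__ == "__main__":
    print("external scan passes:", scan_passes(SAMPLE, "external"))
    print("internal scan passes:", scan_passes(SAMPLE, "internal"))
    for f, sev, sla in remediation_schedule(SAMPLE):
        print(f"fix within {sla:>3}d  {sev:<8} {f.cvss:4.1f}  {f.host}: {f.title}")
    # Simulated rescan: the TLS 1.0 finding was fixed, the database one was not.
    for f in rescan_residual(SAMPLE, [SAMPLE[1], SAMPLE[2]]):
        print("still blocking after rescan:", f.host, f.title)
```

The schedule puts anything that blocks a compliant scan ahead of everything else, regardless of band, because a single 4.0 on the external scan costs you the attestation while a 6.9 internal medium does not; the rescan check is the "rescan to verify compliance" step, applied only to findings you already knew about so new findings can be triaged separately.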

Penetration testing is a simulated cyber attack used to find exploitable weaknesses in your systems, going beyond what an automated scan reports. PCI DSS Requirement 11.3 (Requirement 11.4 in v4.0) requires external and internal penetration testing “at least annually and after any significant upgrade or modification.”

If you accept card payments, including through a payment gateway, you are required to comply with the PCI DSS. Using a hosted gateway can reduce the scope of your assessment but does not remove the obligation. At STRATICA, PCI compliance is at the heart of our cyber security services.

STRATICA provides combined PCI consulting and cyber security services.
We are a “one-stop shop” and assist with the complexities of these processes, without the need for you to engage multiple firms.

Other compliance standards we can assist with:

  • ISO 27000 series
  • SOC 2
  • IRAP
  • Vulnerability Scans

It is valuable to have both ISO 27001 and PCI DSS assessed at the same time, particularly if you are a start-up, since many controls (policies, access control, vulnerability management, logging) serve both frameworks.

Having both areas assessed together means cost savings and time savings, as well as peace of mind that your business is compliant.

We can also assist with SOC 2 (System and Organization Controls 2) assessments. SOC 2 is an attestation framework for service organisations, developed by the American Institute of CPAs (AICPA), covering the controls used to manage customer data.