Security

At StrataPay, we prioritise the security of your data and adhere to the highest industry standards. We understand that trust is paramount when it comes to handling sensitive information, which is why we maintain rigorous security protocols and certifications.

PCI DSS Level 1 Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognised set of security standards enforced by major credit card providers. It outlines comprehensive requirements for managing sensitive credit card data.

StrataPay maintains the highest level of compliance – PCI DSS Level 1. This certification reflects our significant transaction volume and our commitment to upholding the utmost level of security for our clients. We are proud to be 'on the list' of the Visa Global Registry of Service Providers (the Registry), located at www.visa.com/onthelist, which acknowledges service providers that have shown their commitment to security by meeting the requirements of the PCI Standard.

Key aspects of PCI DSS compliance:

  • Building and Maintaining a Secure Network and Systems: We employ robust firewalls, intrusion detection systems, and other security measures to protect our network and systems from unauthorised access.
  • Protecting Cardholder Data: We utilise encryption, tokenisation, and other data protection techniques to safeguard your sensitive information at all stages.
  • Maintaining a Vulnerability Management Program: We proactively identify and address potential vulnerabilities in our systems and applications through regular security assessments and penetration testing.
  • Implementing Strong Access Control Measures: We enforce strict access control policies, including multi-factor authentication, to ensure that only authorised personnel can access sensitive data.
  • Regularly Monitoring and Testing Networks: We continuously monitor our network for suspicious activity and conduct regular security tests to ensure the effectiveness of our security controls.
  • Maintaining an Information Security Policy: We have a comprehensive information security policy that governs all aspects of data security and is regularly reviewed and updated.

ISO 27001 Certification

In addition to PCI DSS, StrataPay is also ISO 27001 certified. This internationally recognised standard demonstrates our commitment to comprehensive information security management. ISO 27001 provides a systematic framework for managing sensitive information, extending beyond payment card data.

Our ISO 27001 certification assures you that we:

  • Have implemented a robust Information Security Management System (ISMS).
  • Continuously assess and manage information security risks.
  • Implement appropriate security controls to protect your data.
  • Regularly monitor, review, and improve our information security practices.

SOC2 Type 2 Compliance

Further reinforcing our commitment to security, StrataPay has achieved SOC2 Type 2 compliance. This rigorous auditing standard, developed by the American Institute of Certified Public Accountants (AICPA), verifies the effectiveness of our security controls over time.

SOC2 Type 2 compliance provides assurance that our systems and controls are:

  • Secure: Protecting against unauthorised access, use, or modification of data.
  • Available: Ensuring that our systems and data are accessible to authorised users when needed.
  • Processing Integrity: Guaranteeing the complete, accurate, and timely processing of data.
  • Confidential: Protecting sensitive information from unauthorised disclosure.
  • Privacy: Ensuring that personal information is collected, used, and disclosed in accordance with privacy regulations.

At StrataPay, we are dedicated to providing a secure and reliable platform for all your payment processing needs. Our commitment to maintaining the highest security standards, as evidenced by our PCI DSS Level 1, ISO 27001, and SOC2 Type 2 certifications, reflects our unwavering dedication to protecting your data.

View our certifications:

View the StrataPay Compliance Certificate.

View the StrataPay ISO 27001 Certificate.

View the StrataPay SOC 2 Type 2 Attestation.

What is PCI DSS Compliance?

Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions in the payments industry. Payment card industry compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions. PCI standards for compliance are developed and managed by the PCI Security Standards Council.

Being PCI compliant means consistently adhering to a set of guidelines set forth by the PCI Standards Council. PCI compliance is governed by the PCI Standards Council, an organization formed in 2006 for the purpose of managing the security of credit cards. The requirements developed by the Council are known as the Payment Card Industry Data Security Standards (PCI DSS). The guidelines are also considered security best practices. Its six major requirements include the following:

  • Build and Maintain a Secure Network and Systems
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

What is ISO 27001 Compliance?

ISO 27001 is the leading international standard for information security management. It provides a systematic framework for businesses to establish, implement, operate, monitor, review, maintain, and continually improve their Information Security Management System (ISMS).

How does StrataPay ensure our clients' security?

StrataPay maintains the world's highest payment security accreditation – PCI DSS Level 1. We are proud to be 'on the list' of the Visa Global Registry of Service Providers (the Registry), located at www.visa.com/onthelist, which acknowledges service providers that have shown their commitment to security by meeting the requirements of the PCI Standard. Our recent ISO 27001 certification further demonstrates our dedication to robust information security management practices, extending beyond payment card information.