Aeroexpress is a first-level trading and service company, and it regularly confirms its compliance with the corresponding standard and commissions a QSA auditor. With this confirmed PCI DSS security level, Aeroexpress passengers who purchase tickets via the company’s website and mobile app using their bank cards can be sure that their personal data and funds are safe and secure.
“A PCI DSS audit enhances the security level of our customers’ data and allows us to focus our efforts on more important security aspects. Payments’ security is one of the most important criteria for our service quality. We are interested in keeping up with the times and providing our clients with the most cutting-edge and the safest tools. A scheduled search for drawbacks and their elimination is the basis for a correctly built information security management process,” said Victor Remen, Chief IT Officer of Aeroexpress.
Informzaschita was selected as an official independent auditor, certified as a Qualified Security Assessor. The project consisted of four stages. First of all, Informzaschita specialists carried out a preliminary GAP analysis, which made it possible to assess whether the company complies with the specified criteria. As a result, they created a diagnostic report providing a detailed description as to whether Aeroexpress complies with the standard requirements and noting if the company needs to introduce any amendments and corrections.
As part of the second stage, Informzaschita performed a comprehensive penetration test, which checked the efficiency of the Aeroexpress security level in real time by simulating external and internal hacker attacks. At the third stage, ASV scanning was carried out, which involved automated checks of all connections of the IT infrastructure to the Internet with the aim of finding vulnerabilities.
In the fourth and final stage, a certified audit was performed, as a result of which the Informzaschita experts officially concluded that Aeroexpress activities fully comply with the PCI DSS v3.2.1 standard requirements. The company has received a certificate confirming the high level of technological security of users’ bank cards.
“This project was particularly interesting because Aeroexpress is one of the few trading and service companies that use their own e-commerce software,” explained Alla Filonenko, Banking Systems Security Senior Auditor at Informzaschita. “The responsibility of the company’s specialists with respect to security requirements made it possible for our company to complete the required tasks in quite a short period of time.”