Informzashita confirmed compliance of Aeroexpress to requirements of PCI DSS v 3.2.1

2019: Confirmation of conformity to requirements of the PCI DSS v 3.2.1 standard

On August 21, 2019 the Russian cybersecurity integrator "Informzashita" announced confirmation of a full compliance of the information security policies applied in Aeroexpress to requirements of the PCI DSS v 3.2.1 standard.

Aeroexpress is trade and service company of the first level and should confirm regularly compliance to the standard with involvement of the QSA auditor. Thanks to the security level confirmed to PCI DSS passengers Aeroexpress which purchase the ticket on the website and in mobile application of the company using bank cards can be sure of reliable protection of the personal data and money.

Passing of audit according to the PCI DSS standard, undoubtedly, promotes increase in level of security of our these clients and allows to concentrate efforts on ensuring protection on the most important aspects of security. For us safety of payments is one of important criteria of quality of our services and therefore we are interested in keeping up to date and providing to our clients the most modern and protected tools. Planned search of shortcomings and their correction are for us a basis of correctly built process of management of information security,

As the official independent auditor the Informzashita company having the necessary status "Qualified Security Assessor" was selected. The project consisted of four stages. First of all specialists of Informzashita booked preliminary audit by a GAP analysis method that allowed to estimate the company on compliance to the set criterion. The diagnostic report in which it is in details stated that in Aeroexpress company conforms to requirements of the standard was as a result created and also it is specified necessary additions and corrections.

At the second stage specialists of Informzashita held complex testing for penetration which allowed to check efficiency of protection Aeroexpress in practice due to simulation of the external and internal attacks of malefactors. At the third stage ASV scanning — automated verification of all connection points of IT infrastructure to the Internet on existence of vulnerabilities was carried out.

At a final, fourth stage of the project, certification audit based on which experts of Informzashita officially concluded that activity Aeroexpress completely conforms to requirements of the PCI DSS standard was booked. v 3.2.1 Company management received the certified certificate confirming the high level of technology security of card these users.

The project was especially interesting that Aeroexpress treats not numerous trade and service companies which use own development for e-commerce. The responsible attitude of staff of the company to fulfillment of requirements on security allowed to carry out all tasks facing us in enough short time, explained Alla Filonenko, the senior auditor of department of security of banking systems of Informzashita company

2016: Certification on the PCI DSS standard is Payment Card Industry Data Security Standard

At the beginning of February, 2016 the Aeroexpress company underwent certification on the standard PCI DSS – Payment Card Industry Data Security Standard intended for security of processing, storage and data transmission about holders of payment cards Visa and MasterCard. The standard is developed by community PCI Security Standards Council which includes such companies as American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

PCI DSS provides complex approach to information security support and integrates programs of VISA Account Information Security (AIS), Visa Cardholder Information Security Program (CISP) payment systems and the MasterCard Site Data Protection program.

As the official independent auditor the Deiteriy company – the supplier of consulting and auditor services in the field of information security was selected. Experts of Deiteriy confirmed the high level of security of payment infrastructure of Aeroexpress company.