01.09.2014

Informzaschita Certifies Visa QIWI Wallet According to the PCI DSS 3.0 Standard

Informzaschita has certified Visa QIWI Wallet for compliance with the requirements of the PCI DSS 3.0 standard. The certificate confirmed the high level of personal data security provided to Visa QIWI Wallet users and the reliability of the measures for information security and management of the payment service.

According to data provided by the QIWI Group, the number of active Visa QIWI Wallet accounts exceeded 15.8 mln during the second quarter of 2014. The volume of card transactions grows severalfold each year. As a result, the payment service must ensure the security of payment transactions, and the requirements that international standards impose on such companies are becoming stricter.

The certification audit comprised four stages: a preliminary assessment of the customer’s systems, ASV scanning (scanning the external network perimeter for vulnerabilities), an integrated intrusion test, and an audit of dozens of business processes and units of the payment service. Ilya Aleksandrov, Manager of Informzaschita’s Bank Systems Department, emphasized that, given the scale and heterogeneity of the QIWI IT infrastructure, ensuring the security of business processes is necessary in addition to compliance with the latest requirements of international payment systems.

He explained: “The Payment Card Industry Security Standards Council (PCI SSC) has mentioned more than once that the new version of the PCI DSS 3.0 standard is focused on the process of security enforcement. This means that the current goal of audits is not just to make sure that a company has some security technology but to assess potential risks and to monitor the uninterrupted security of business processes on a regular basis.”

Denis Persanov, QIWI Group’s Risk Manager, noted: “Our key objective is to guarantee maximum security of payment transactions and funds in the Visa QIWI Wallet system. We improve algorithms of security systems on a regular basis. The audit and certification conducted by Informzaschita confirmed the reliability and efficiency of the security measures to prevent any unauthorized access to personal data of QIWI payment card holders.”

At the next stage, proper compliance with the requirements of the PCI DSS standard will involve updating the register of system components according to the scope of assessment (PCI-Scope), carrying out routine information security procedures and controls, and regularly improving QIWI employees’ awareness of payment card data security.