01.09.2014

Confirmation of Visa QIWI Wallet’s Conformity with the Requirements of the PCI DSS Standard

Project completion date:

September 1, 2014

The Customer:

The QIWI Group was established in 2007. It is a payment service enabling payments using different communication devices and channels (both fixed and mobile). QIWI Terminals and Visa QIWI Wallet with a web interface and applications for all current mobile platforms are the key payment tools. After opening a Visa QIWI Wallet, you can get a virtual QIWI Visa Card or plastic QIWI Visa Plastic cards to make convenient payments online and in real life. By using the Visa QIWI Wallet, you can determine terms for deferred payments, be notified of forthcoming payments, receive detailed descriptions of current payments and save any necessary payment details in the payment system.

Business needs:

In the second quarter of 2014, the number of active Visa QIWI Wallet accounts exceeded 15.8 million accounts to reach almost 16.5 million ones in the third quarter. The quantity of card-based transactions keeps growing by a number of times every year. As a result, the payment service must guarantee full security of payment transactions. Thus, international standards set stricter and stricter requirements to such companies.

Objectives:

Experts from Informzaschita were to solve the following problems as a part of the project:

  • Certification for compliance with the new version of the standard (PCI DSS v3.0)
  • Update of the standard coverage taking into account infrastructural changes
  • Expansion of the field of assessment as compared to the previous audit
  • Assistance and consultancy when bringing the payment card data environment in compliance with the requirements
  • Instrumental assessment of the protection of the payment card data environment against external and internal threats

Solution:

The certification audit comprised four stages:

  • Preliminary assessment of the customer’s systems
  • ASV scanning (scanning of the external network perimeter for vulnerabilities)
  • Integrated penetration test
  • Audit involving dozens of business processes and divisions of the payment service

Result:

The certification procedure confirmed high security of Visa QIWI Wallet users’ data as well as reliability of the information security provision and management tool used by the payment service.