August 11, 2021, Moscow. Information security specialists of Jet Infosystems Company conducted an audit in the structural divisions of the VOXYS Communications Center for compliance with the PCI DSS 3.2.1 payment card industry data security standard.

The experts checked VOXYS contact centers for compliance with all the requirements of the standard when transferring customer payment card data to partner banks through the IVR interactive voice menu system. According to the results of the audit, VOXYS contact centers have received a certificate and will now be able to sell through the voice menu (IVR).

The certification will allow VOXYS to expand the range of potential customers. In particular, airlines, hotel booking systems, and car rental systems may be interested in sales through an interactive voice menu.

As part of the project, Jet Infosystems specialists conducted vulnerability scanning, as well as external and internal penetration testing. During the external testing, the specialists simulated the actions of a potential intruder who is located outside the perimeter of the VOXYS IT infrastructure. During the internal testing, the actions of the violator, who is located inside the IT infrastructure, but does not have access to payment card data, were simulated. The mechanisms of segmentation of the local computer network, differentiation of access to systems were tested.

The final stage of the audit was the collection of necessary information about systems and processes, their assessment for compliance with the requirements of the standard. Based on the analysis, the experts of Jet Infosystems have developed recommendations, templates for regulations, instructions, and information storage procedures. In addition, the experts have prepared a self-assessment sheet for VOXYS, which will allow the group of companies to independently monitor the implementation of PCI DSS 3.2.1 requirements in the future.

«During the project, VOXYS specialists sought not just to fulfill the formal requirements of the standard, but to ensure real data security ", Andrey Yankin, director of the Information Security Center of Jet Infosystems notes. In addition, VOXYS employees carefully adopted our experience in terms of PCI DSS compliance audits in order to conduct subsequent self-assessment as efficiently as possible".

IVR is a popular service among VOXYS customers. A successful audit for compliance with the PCI DSS 3.2.1 payment card industry data security standard will significantly expand the use of IVR, enabling potential and existing customers to use an additional remote sales channel.

«Certification according to the industry security standard PCI DSS 3.2.1 will allow us to start

implementing current projects with remote sales and payments by payment cards through the voice menu - a system of voice messages that route phone calls using tone dialingcommands", Yulia Molchanova, Executive Director of VOXYS said.

* * *

Payment Card Industry Data Security Standard (PCI DSS) is a payment card industry data security standard developed by the Payment Card Industry Security Standards Council established by the international payment systems Visa, MasterCard, American Express, JCB and Discover. The standard is a set of detailed requirements for ensuring the security of data about payment card holders that are transmitted, stored and processed in the information infrastructures of organizations. Taking appropriate measures to ensure compliance with the requirements of the standard implies a comprehensive approach to ensuring the information security of payment card data. More detailed. 

Jet Information Systems is one of the largest IT companies in Russia. Since 1991, it has been working in the system integration market, implementing complex and unique projects throughout the country. The staff consists of more than 1,800 employees. The company has more than 10 offices and representative offices in Russia and the CIS and conducts projects in other countries. It is included in the TOP 500 largest companies in Russia (RBC, 2020), the TOP 10 largest IT companies and the TOP 5 IT service providers in Russia (Expert RA, 2020). The leader in the IT outsourcing market in Russia (IDC, 2019), No. 1 among the largest suppliers of data center infrastructure (CNews Analytics, 2020), TOP-3 largest integrators of Russia in the field of information security (CNews Analytics, 2020). The main activities of Jet Infosystems are: design and implementation of computer systems, network infrastructure, engineering systems and multimedia, custom development, implementation and maintenance of software solutions and enterprise-level business applications, information security, IT outsourcing and technical support. Official website: jet.su

VOXYS is the market leader in outsourcing contact centers in Russia. According to iKS-Consulting, VOXYS occupies 18.4% of the Russian communications market in the field of customer service (rating "The largest outsourcing contact centers in Russia", 2020). The staff exceeds 8,000 people, the company is represented in 30 cities of Russia, implements more than two hundred communication projects in the interests of the company-leaders of the financial market, insurance, transport, logistics, retail, hospitality, healthcare, manufacturing and public authorities, processing more than 1 million incoming requests daily.