Alza.cz was the first Czech e-shop to successfully pass the assessment of the highest level of electronic payment security according to the international standard PCI DSS (Payment Card Industry Data Security Standard). An independent external evaluator confirmed that card payments at Alza take place in a secure environment, in accordance with the demanding requirements of payment card operators.

Alza.cz is the first of the large e-shops operating in the Czech Republic and Slovakia that has successfully achieved compliance with the international security standard PCI DSS of payment associations (VISA, MasterCard, American Express, JCB). This attestation confirms that the company operates the systems and processes that handle electronic payments according to the strictest requirements of a globally defined standard for the security of payment card holders' data.

Customers of the e-shop can thus use the company's services with complete confidence that their personal and sensitive data, transmitted during electronic transactions, are protected from misuse. The requirements of the standard include all points at which payment cards are accepted, from online payments through payment terminals at branches and AlzaBoxes to payments with AlzaExpres drivers. This is a complex set of technical and procedural requirements that a company must meet if it wants to accept payment cards from card associations securely.

"Attestation according to the PCI DSS standard confirms that customer data at Alza is really well protected. This is the highest priority for us, because card payments have long been the most popular payment method in our e-shop," said Lukáš Jezbera, Head of Cash Operations. In 2021, 74% of all orders from the e-shop were paid for by payment cards, and almost half of all payments were made by card online. The share of orders paid for by cards on Alza thus increased by five percentage points year-on-year, mainly at the expense of cash.

To quickly fulfill the requirements of the PCI DSS standard, Alza cooperated with the external consultant 3Key Company. "The timing of the project has been the most ambitious so far of any customer we have worked with. Nevertheless, the project received sufficient support, and thanks to the willingness and quality of the responsible managers of many involved Alza.cz departments, the attestation was achieved on the scheduled date," Michal Tutko, Chief Advisory Officer of 3Key Company, summarized the cooperation.

"The preparation and the certification itself were challenging for our teams. As part of the project, we have introduced a number of meaningful changes that the customer will not normally see, but will ensure higher security of the processing of all transactions," Jezbera explained the entire process and added: "We value the trust of our customers, which is why it is important for us not only that we have implemented the highest level of security according to the PCI DSS standard, but also that we will maintain it in the long term. A comprehensive and integrated security system subject to regular control is beneficial for the entire e-commerce market. We therefore believe that other large e-shops in the Czech Republic will join us in the near future, which will further strengthen customers' confidence in online shopping."

Alza.cz chose 3Key Company based on references from the industry, as it has demonstrated its competence with many clients in the design and implementation of technical and process changes necessary to achieve compliance with the PCI DSS standard. In addition, it always proposes modifications to the company environment in such a way that the required level of security is effectively achieved while taking into account the needs of further development of the given company's environment, including the possibility of providing new innovative services for end users.

What does the PCI DSS standard address?

  • Security of network communication
  • Controlling the deployment of equipment and software into production
  • Protection of cardholder data during storage
  • Protection of cardholder data in transit
  • Protection against malicious software
  • Controlling the development of applications that process, transmit or store cardholder data in any way
  • Management of the allocation of access to employees and external workers
  • Control of access to technical means and data
  • Physical access control
  • Control and management of event logging and auditing
  • Security testing measures
  • Information security management in the company