Download PDF
Provectus > Case Studies > Migration to Secure Infrastructure: TripActions' Journey to PCI-DSS Compliance
Provectus Logo

Migration to Secure Infrastructure: TripActions' Journey to PCI-DSS Compliance

Technology Category
  • Networks & Connectivity - Gateways
  • Platform as a Service (PaaS) - Application Development Platforms
Applicable Industries
  • Cement
  • Construction & Infrastructure
Applicable Functions
  • Quality Assurance
Use Cases
  • Construction Management
  • Infrastructure Inspection
Services
  • Cloud Planning, Design & Implementation Services
  • Testing & Certification
The Challenge

TripActions, a corporate travel management organization, faced a significant challenge in enabling secure banking transactions without the need for third-party services. The company aimed to accept customer payments directly, track all banking transactions processed through the platform, and securely collect and store critical and client-sensitive data. To achieve these objectives and spur revenue growth by attracting new enterprise clients, TripActions needed to migrate its platform to a secure PCI-DSS-compliant infrastructure. However, the existing infrastructure had several network, user access, monitoring, alerting, and CI/CD issues that needed to be addressed. The company approached Provectus to upgrade their infrastructure as part of their preparation for PCI-DSS compliance certification.

About The Customer

TripActions is a corporate travel management organization that aims to control the costs of business travel and incentivize employees through easily accessible business travel opportunities. The company sought to enhance its business travel platform by accepting customer payments directly, tracking all banking transactions processed through the platform, and securely collecting and storing critical and client-sensitive data. To achieve these objectives and spur revenue growth by attracting new enterprise clients, TripActions needed to migrate its platform to a secure PCI-DSS-compliant infrastructure.

The Solution

Provectus designed and built a new secure infrastructure in compliance with PCI-DSS standards for TripActions. The process began with an initial workshop to assess TripActions’ AWS infrastructure. Provectus enhanced TripActions’ AWS infrastructure in several stages, implementing access rules, roles, and groups, creating separate VPC for different environments types and services, and adding full logging audit, monitoring, and alerting. To optimize network infrastructure, separate VPC for production, staging, and development environments were created. Public and private subnets were segmented to control inbound/outbound traffic and outbound connections. Amazon Route53, VPN access with two-factor authentication, Elasticsearch and CloudWatch services were implemented. Backups for all services, data storage, and EC2 instances were created, and all instances received anti-virus updates. CI/CD pipelines were redesigned and improved, with a focus on automatic builds and tests on pull requests.

Operational Impact
  • The migration to the new secure infrastructure allowed TripActions to comply with PCI-DSS standards. The company became legally permitted to directly accept customer payments, track banking transactions, and securely collect and store transaction data, such as credit card details and transaction history. This significant upgrade not only improved product quality but also optimized IT operations. The successful migration spurred business growth and had a positive impact on overall business performance. The company managed to enhance its business travel platform, attract new enterprise clients, and spur revenue growth.

Quantitative Benefit
  • 35% reduction in Total Cost of Ownership (TCO)

  • 40% shorter release cycle

  • 3% reduction in customer expenses

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.