Kudos is an Australian-based company that has been delivering innovative software solutions to travel agencies, corporations, and their travellers for over a decade. Kudos simplifies the complexities of travel management with a seamless, all-in-one platform. From traveller profiles and visa checks to booking tools, duty of care, and sustainability insights, Kudos integrates everything needed to manage travel efficiently,and deliver a smarter, more connected travel experience.
Stratica has been Kudos’s cyber security partner since 2020, helping them assure customer confidence in an increasingly competitive travel technology market through PCI DSS compliance.Over this time, Kudos has continued to evolve the platform to meet growing demand by scaling its infrastructure, expanding features, and strengthening its security posture.
The next evolution in Kudos’s PCI DSS Compliance journey was the transition to PCI DSS 4.0., so they can continue to assure customer confidence in a competitive travel technology market.
“To remain competitive and sustainable in a compliance-heavy environment like travel technology, high standards in cyber security and data handling are non-negotiable,” says Managing Director Phil Rasmussen.
“As a travel solutions provider, we naturally handle a range of sensitive information, including passport and visa details.”
To mitigate the risks associated with storing customer data, Kudos has diversified their IT infrastructure. They have separated the cloud accounts for development, staging, production, billing and security – so unauthorised access to one won’t impact the other. They mandate access via a single-sign on authentication app and store credit card data offsite, using tokenisation to secure cardholder data.
The Journey to PCI DSS v4.0 Compliance
As the next step in securing Kudos’s environment against the current threat landscape, Kudos began the transition to PCI DSS v4.0.
And Stratica, as their trusted PCI DSS compliance partner, guided them through the process.
“PCI v4.0 has added additional requirements, some of which presented as challenging to meet, said Phil
But thankfully, we didn’t have to worry about solving these challenges ourselves. Stratica has the expertise to discern what requirements are relevant to us based on our business environment.”
Stratica completed a diligent review of Kudos’s security posture against the new PCI v4.0 requirements, and completed ASV scans and penetration tests to further consolidate existing security controls.
Through the process, Stratica gave Kudos a clear picture of the documentation required to meet any new or updated PCI DSS requirements. Taking into account Kudos’s extensive network of industry partners, Stratica also provided detailed security guidance that ensured all vendors agreed about security best practices for Kudos’s environment and how to implement them.
Overall, even with a strong cybersecurity team, Stratica’s partnership helped Kudos prioritise and
“PCI v4.0 introduced a range of new and enhanced requirements, and while some were challenging, our internal teams were well-prepared,”
“Stratica’s guidance helped us prioritise changes and align with the intent of the standard, while we focused on implementing those changes across the platform. It’s a strong, collaborative partnership”
The Stratica Partnership
As a small business, Kudos relies heavily on the expertise of its partners. These relationships are key to service delivery and the ongoing success of the business.
“Our partners are crucial to our success. So, when choosing partners to work with, we look for businesses with genuine interest in our product, and commitment to being part of our team.
Stratica has been just that. John and his skilled team have been a longtime supporter of Kudos, and they back our offering. That human factor is key to the fantastic relationship we have with Stratica, and what makes them stand out as PCI Compliance and cyber security partner.”
Looking to explore the most efficient and effective PCI compliance strategy for your organisation? Contact us for a complimentary security review.