Business Challenge

Maintaining the highest payment service provider and cybersecurity standards to continue its reputation as a trusted business in the booking space.

Horangi's Impact

Helped tiket.com attain — and maintain — the ISO 27001 and PCI-DSS certifications, and improve security capabilities.

The Story

tiket.com is an Indonesian flight and hotel booking platform that was founded in 2011. Known as an OTA (Online Travel Agent) company, tiket.com offers bookings for hotels, flights, car rentals, trains, events, and attractions. Today, tiket.com partners with over 11,000 hotels across Indonesia and has offices and staff in Singapore, Kuala Lumpur, and Bangkok.

tiket.com operates both web and mobile apps, and its fast-growing platform sees over 6 million transactions a year. Other than ticket purchases through the app, customers are also able to edit their bookings, make cancellations, and obtain refunds.

Protecting the ever-increasing amount of tiket.com customer records has always been a top priority for the organization, whose users doubled to 15 million in 2019. With this security-first mindset, tiket.com engaged Horangi in 2018 in the hopes of a long term partnership.

At the time, the tiket.com team already had its sights on meeting ISO 27001 and PCI-DSS compliance standards.

The Engagement

You may think you know your security and compliance gaps, but third parties are crucial in helping to test that hypothesis. Right off the bat, Horangi conducted a thorough gap assessment for tiket.com to uncover the large risk areas.

The compliance journey is an organization-wide effort. Horangi quickly helped to identify that and charted a roadmap with progressive milestones that would serve as tiket.com’s guide to achieving its business objectives. Crucial to the process was the top-down support from management and helping to raise awareness of the compliance — teamwork breeds success. On the technical end, Horangi’s consultants established a security testing frequency as a proactive measure for assessing tiket.com’s web applications and other infrastructure.

The Results

Together with the tireless support from the organization’s own InfoSec team, Horangi consultants helped tiket.com to advance in its compliance journey for ISO 27001 and PCI-DSS certification.

This required a Herculean effort across the organization. Horangi’s consultants wrote tailored security and operational policies that were enforced for processes including software releases, third party partnerships, and even physical security. The consultants also regularly conducted Penetration Tests on applications and infrastructure to help tiket.com fix vulnerabilities, staying ahead of new attack vectors.

“Talent makes a clear difference in our work with third parties. Horangi’s strong understanding of client needs, ability to elaborate problems into concrete solutions, and sheer ability to execute on these solutions make them a security vendor suitable for organizations of all sizes that need to embark on a similar compliance journey as ours,” said Raden Ardiansyah Natakusumah, Head of Information Security, tiket.com.

Today, tiket.com has attained both ISO 27001 and PCI-DSS certifications. The business makes it a priority to demonstrate this commitment to data security to its customers. It’s why the work does not stop at certification. Cybersecurity and compliance is an ongoing journey, and Horangi continues to lend its expertise to help tiket.com maintain its strong security standards to win customer trust.