20.10.2014

Informzaschita Certifies BPC Banking Technologies for Compliance with the PCI DSS Standard

The BPC Banking Technologies, a leading vendor of payment solutions for the global financial industry, has informed about successful certification of its processing center for compliance with the PCI DSS 2.0 standard. Based on the results of the four-stage project implemented by Informzaschita’s experts, BPC Banking Technologies confirmed its compliance with the requirements of international payment systems and reduced information security-related risks.

All network devices of the BPC processing center as well as servers and applications connected to the payment card data processing environment underwent the audit. In the course of the project that lasted for several months, Informzaschita’s experts set additional requirements to the information security infrastructure and processes, suggested amendments of in-house regulatory documents, and performed necessary penetration scans and tests. The implementation of all recommendations enabled BPC Banking Technologies to improve the overall security level of the processing center’s information systems while the QSA audit as the final stage of the certification procedure confirmed compliance with the international standards of the payment industry.

Alexei Bochkarev, Manager of Informzaschita’s Bank Systems Security Department, comments: “Since the security level of the BPC infrastructure is quite high, we managed to implement the project as soon as possible. In the nearest future, we will continue the project to transfer BPC to the new version of the PCI DSS v3.0 standard. The project is to be based on a new approach to maintaining compliance with the PCI DSS standard during the period between certifications. Due to this, we will improve the accuracy of certification audits and substantially reduce the period of time needed for final audits.”

Alexei Bochkarev also noted that this approach can be implemented at the expense of an approved plan of routine audits during the year and not only during the audit itself. This approach will make it possible to timely monitor and eliminate any deviations of information security and IT processes from the new requirements of the standard.

He concluded: “Moreover, we can now conduct certification audits based on the body of collected evidence to confirm compliance with most of the requirements, which will substantially reduce the burden on the customer’s staff.”

Sergey Tereshin, Director of the BPC Banking Technologies’ ProcessingCenter, highly praised the professionalism of Informzaschita’s experts during the project: “The auditors’ recommendations enabled us to solve non-routine problems as a part of the project. Successful certification confirms the reliability and efficiency of security measures and information security management processes used by our Company to prevent any unauthorized access to personal data of payment cards holders.”