28.01.2015

Svyaznoy Bank Completes Certification for Compliance with the PCI DSS Standard

In December 2014, the Svyaznoy Bank’s ProcessingCenter passed the certification audit for compliance with the requirements of the Payment Card Industry Data Security Standard (PCI DSS). The audit for compliance was conducted by Informzaschita, an accredited QSA. As a result, the Bank confirmed high security of its payment card data environment and reduced risks of IS incidents.

The Svyaznoy Bank is one of the leading private banks in Russia by the turnover of payment card-based payments. Today the Bank offers different services as a part of the VISA and MasterCard international payment systems. Due to this, the Bank must confirm its conformity with the requirements of the PCI DSS standard on an annual basis.

Jointly with the staff of Svyaznoy Bank, experts from Informzaschita performed a number of works to improve the Company’s information security procedures. The project covered incident management, risk analysis, safe storage of the cards, critical technologies control and other procedures stipulated by the regulating authority.

The project team implemented technical measures to assess and ensure correct settings of servers, network equipment, applied software and security tools. ASV scanning and integrated penetration tests confirmed high security of the Bank’s information system in terms of threats related to potential hacker attacks.

“In addition to compliance with the formal requirements of regulating authorities (including Russian ones), compliance with PCI DSS also improves actual security of company infrastructure. Today the Svyaznoy Bank’s ProcessingCenter complies with the best global practices in the field of payment card security,” says Leonid Pletnev, head of Informzaschita’s QSA Department. “I would like to note that the Svyaznoy Bank’s management is aware of the need to maintain a high information security level to put into practice due compliance procedures and guarantee the security of the Bank’s payment services.”

 

“Being a bank providing services to over two million clients a day, we must guarantee high security for our customers’ payment card data,” comments Lev Shumsky, head of the Svyaznoy Bank’s Asset Security Department, Information Security Administration. “QSAs from Informzaschita took every effort in a very short time to confirm the reliability of our services and reduce potential risks of IS incidents.”