04.02.2015

Informzaschita Confirms the Compliance of the Sberbank’s Main Processing Center with the Requirements of the PCI DSS Standard

The Sberbank’s Main Processing Center (MPC) passed the compliance certification audit for the requirements of the PCI DSS international standard in the field of payment card industry. The audit was conducted by Informzaschita, a leader in the IS industry.

Being an issuer and acquirer for the VISA and MasterCard international payment systems as well as an American Express acquirer, Sberbank of Russia connects to their systems directly and must confirm its compliance with the requirements of the PCI DSS standard in the form of a certification audit conducted on an annual basis.

Taking into account the complexity of the IT infrastructure to be audited, a great number of resources to be assessed and tight schedule, several certified QSAs and a team of technical experts took part in the project on behalf of Informzaschita. As a part of the project, the coverage of the PCI DSS standard was revised, payment card data traffic was documented, and all audits required by the standard were conducted. As a result, the experts collected all necessary audit information and prepared reporting documents submitted to the payment systems and approved by them.

The Bank has been working to bring the MPC into compliance with the requirements for several years. It was a complex project yet it was completed in accordance with the schedule due to the joint efforts of Sberbank, Sberbank Technologies and Informzaschita. Successful PCI DSS certification under the conditions of the difficult economic and international situation provides Sberbank with extra opportunities to improve its image as a stable and reliable bank for its clients, partners and international payment systems.

“There is no doubt that the Sberbank’s Main Processing Center handling more than 40 million transactions a day is the largest one in the CIS states. The compliance audit was a challenge for our experts but we were successful,” comments Alexey Bochkarev, head of the Informzaschita’s Banking Systems Security Department.

 

“Informzaschita has rendered services in the field of PCI DSS since 2006. We have six certified QSAs in our staff. According to our experience, confirmation of compliance is just as difficult as achieving compliance. Therefore, we help our clients maintain compliance on an annual basis to provide for the next successful certification,” says Yevgeniy Afonin, Director of the Informzaschita’s Consulting and Audit Department.