20.10.2014

Compliance of BPC Banking Technologies with the Requirements of the PCI DSS Standard

Project completion date:

October 20, 2014

The Customer:

BPC Banking Technologies is a leading provider of payment solutions for the global financial industry. The company is mainly known as the developer and distributor of SmartVista, a line of products based on BPC’s innovative platform. It is a comprehensive suite of software solutions covering every aspect of electronic payment processing. BPC’s customers include leading financial organizations from all over the world. BPC’s offices operate in the Asia Pacific, Central, Eastern and Western Europe, Africa and the Gulf States, Central and South America, and the United States.

Business needs:

  • Bringing a new line of the company’s business (processing services related to issuing cards and supporting card-based transactions for banks) into compliance with PCI DSS
  • Updating the standard’s coverage in view of organizational changes and changes in IT and IS management processes
  • Instrumental assessment of the protection of the payment card data environment against external and internal threats

Objectives:

Experts from Informzaschita were tasked with the following as part of the project:

  • Preliminary analysis of the design solution for the Customer’s processing center and determination of the requirements for the infrastructure and processes in compliance with PCI DSS
  • Oversight of the implementation of the determined requirements, development/modification of regulatory documents, and consulting the Customer on issues related to compliance with PCI DSS 2.0 and the selection of security tools
  • Integrated (external and internal) penetration tests for the payment card data processing environment
  • Certification audit confirming the Customer’s compliance with the requirements of PCI DSS

Solution:

The audit covered all network devices of BPC’s ProcessingCenter, as well as servers and applications connected to the payment card data processing environment. Experts from Informzaschita set additional requirements for the IS infrastructure and processes, suggested amendments to the in-house regulations and performed all necessary scans and penetration tests. Finally, a QSA audit was conducted to confirm compliance with the international standards of the payment industry.

The project activities were carried out according to the global best practices in the field of IS.

Result:

Key results of the project:

  • Compliance with the requirements of the PCI DSS standard, which helped avoid potential fines
  • Reduced IS incident risks including potential compromise of payment card data
  • Business development potential
  • Increased overall security level of the ProcessingCenter’s information systems
  • Increased awareness among company employees with regard to information security issues

In addition, based on the project results, a decision was made to move BPC to a new version of the standard (PCI DSS v3.0) while maintaining compliance with PCI DSS between certifications, with automatic prolongation of the PCI DSS compliance status. This approach ensured high precision of certification audits and reduced the period of the final audit.