28.01.2015

Confirmation of the Conformity of the Svyaznoy Bank’s Processing Center with the Requirements of the PCI DSS Standard

Project completion date:

December 2014

The Customer:

The Svyaznoy Bank is a Russian bank of federal importance. In addition to the general license issued by the Central Bank of the Russian Federation, the Bank also has licenses of the Russian Federal Financial Markets Service to conduct broker, dealer and depository activities, security management activities and licenses for issuing VISA and MasterCard plastic cards.

Business needs:

The Svyaznoy Bank is one of the leading private banks in Russia by the turnover of payment card-based payments. The Bank offers different services as a part of the VISA and MasterCard international payment systems. Due to this, the Bank must confirm its conformity with the requirements of the PCI DSS standard on an annual basis.

Objectives:

  • Preliminary analysis of compliance with the requirements of the PCI DSS standard and development of an action plan to eliminate any revealed non-compliance
  • Integrated penetration tests for payment card data processing environment
  • External vulnerability scanning (ASV scanning)
  • Certification audit confirming the confirmation of compliance with requirements of the standard

Solution:

Experts from Informzaschita performed a number of works to improve the Svyaznoy Bank’s information security procedures. The operations covered incident management, risk analysis, safe storage of the cards details, critical technology control and other procedures stipulated by the regulating authority.

The project team implemented technical measures to assess and ensure correct settings of servers, network equipment, applied software and security tools. ASV scanning and integrated penetration tests confirmed high security of the Bank’s information system in terms of threats related to potential hacker attacks.

Result:

The Svyaznoy Bank’s ProcessingCenter passed the certification audit for compliance with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) in December 2014. The certification procedure confirmed high security of the Bank’s payment card data environment.