BPC Bank Technologies completed audit of a processing center

On October 21, 2014 the BPC Bank Technologies company announced successful passing of certification of a processing center on compliance to the PCI DSS 2.0 standard. Works in the project were carried out by Informzashita company.

Project Progress

All network devices of a processing center of BPC, servers and the applications connected to the environment of data processing of payment cards underwent audit. During the project specialists of Informzashita created additional requirements to infrastructure and processes of cybersecurity, offered changes of the internal regulating documentation, carried out scanning and penetration tests.

Execution of recommendations provided to BPC Bank Technologies increase in the overall level of security of information systems of a processing center. QSA audit as the final stage of certification, confirmed compliance to international standards of the payment industry.

Project Results

Informzashita carried out four stages of project implementation. Confirmed to BPC execution of requirements of international payment systems and reduced risks of emergence of incidents of cybersecurity.

"As the level of a maturity of security of infrastructure in BPC is rather high, we executed the project in a short time, – Alexey Bochkaryov, the head of department of security of banking systems of Informzashita company noted. – In the nearest future we will continue the project on transfer of BPC on the new version of PCI DSS v3.0 standard. At the same time the basis of the project will be formed by new approach on maintenance of compliance of PCI DSS in a break between certifications thanks to what the accuracy of certified checks will increase, and time of passing of final audit will considerably be reduced".

Sergey Tereshin, the director of a processing center of BPC Bank Technologies, emphasized: "The recommendations of auditors allowed to solve timely the non-standard tasks set within the project. Successful passing of certification allowed our company to confirm reliability and efficiency of the applied protective measures and processes of management of information security directed to prevention of unauthorized access to data of holders of payment cards".