Jet Infosystems recertified Bank of Moscow according to requirements of the PCI DSS standard

2014

On February 12, 2014 the Jet Infosystems company announced project completion on reduction of the systems and processes of Bank of Moscow bank ensuring safety of storage, processing and data transmission of payment cards in compliance to requirements of the PCI DSS 2.0 standard.

Project Tasks

Amounts of data, processed in payment systems, do ensuring their security, including reduction of payment systems of bank in compliance to requirements of the PCI DSS standard - one of paramount tasks.

"Compliance of our payment systems to requirements of Visa and MasterCard — one of the most important components of complex information security of bank and, as a result, safety of our clients. In close cooperation with Visa and MasterCard we are going to develop even more actively our innovation products and services" — Sergey Mednov, the board member of Bank of Moscow said.

Project Progress

The partner in the project of ensuring compliance of bank to the standard - Jet Infosystems company.

At the first stage of the project experts of Jet Infosystems booked preliminary audit of payment systems of Bank of Moscow on compliance to requirements of the PCI DSS standard and also estimated the level of their security. According to the results of inspection created the plan of reduction of IT infrastructure of bank in compliance to the standard. According to it finished normative and administrative documents, carried out segmentation of network, implemented additional resources of data protection. All this helped to provide compliance to the standard and to increase the level of information security of bank.

"Being guided by the principle of economic justification, we involved the means of protecting which are already available in bank in this project to the maximum, and additional resources implemented so that they provided compliance to the PCI DSS standard, did not complicate work of information systems in general and had practical value for ensuring their real protection. In particular, solutions of the class SIEM, control facility of integrity of systems and to that similar were implemented" — Elena Kozlova, the head Security Compliance noted.

Project Results

The final stage of the project - final audit which was booked by the group of experts of Jet Infosystems company, not taking part in project works. Results of audit are accepted by international payment systems of Visa and MasterCard. Bank of Moscow found the appropriate certificate.

2015: Jet Infosystems recertified Bank of Moscow according to requirements of the PCI DSS standard

At the beginning of 2015 Bank of Moscow and Jet Infosystems company completed recertification of payment systems and the related processes of bank according to requirements of the international standard PCI DSS 2.0. Certified process affected all systems ensuring safety of storage, processing and data transmission of payment cards.

Own processing center of Bank of Moscow for 2014 carried out more than 170 million financial transactions which total amount exceeded 1.5 trillion rubles. The card portfolio of bank includes 6.4 million active cards. Own ATM network of bank contains more than 2,100 devices, and network of point-of-sale terminals – over 9,000. In addition the bank services 45 agent banks owning 1000 ATMs. Compliance to the PCI DSS standard in this context is one more confirmation of safety of card transactions and reliability of bank. Recertification audit was booked by the Jet Infosystems company having the statuses Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV).

Experts of Jet Infosystems company conducted examination of the IT infrastructure of bank involved in data processing of payment cards. Audit covered the payment applications, a processing system, information security tools ensuring safety of the environment of these payment cards, network infrastructure, processes and procedures of the information security (IS), network of terminal devices including channels of connection, infrastructure services. Following the results a number of processes of information security was improved, settings of means of protecting are optimized and normative and administrative documentation is finished.

"Having implemented the project on reduction of bank in compliance to requirements of PCI DSS 2.0 which came to the end with success certification audit in 2013, the project team continued active works on support of infrastructure and processes within the PCI DSS standard. We regard passing of the next certification audit as additional confirmation of the status of the reliable, caring for data security clients of financial institution which was assigned to Bank of Moscow", – Alexander Kuryatnikov, the director of the department of processing services of Bank of Moscow comments.

Based on certification audit the conclusion about a full compliance of the IC of Bank of Moscow to requirements of PCI DSS is made. Results of audit are accepted by international payment systems of Visa and MasterCard, and to Bank of Moscow the appropriate certificate is issued.