Customers: VTB - Vneshtorgbank
Contractors: DialogNauka
Product: Projects of external audit of IT and security (including PCI DSS and ISMS)
Project date: 2014/03 - 2017/07
2017
PCI DSS Certification
On August 14, 2017, it became known of VTB Bank's project to certify its compliance with the requirements of PCI DSS 3.2 (Payment Card Industry Data Security Standard). The certificate confirms that the bank's resources are protected for the safe use of payment cards.
PCI DSS was developed by the international payment systems and defines requirements for organizations in whose information infrastructure payment card data is stored, processed or transmitted.
"For VTB Bank, ensuring information security is one of the priorities, so successfully passing PCI DSS 3.2 certification is important for us. It gave us the chance to analyze how fully all security-related aspects are taken into account." Olga Dergunova, the vice president – the chairman of the board
2014
On July 8, 2014, an information security audit project at VTB Bank became known. DialogNauka carried out the work under the project.
Project Tasks
VTB Bank signed an agreement with DialogNauka Ltd to carry out a security audit in order to obtain an independent and objective assessment of the bank's security against external threats from potential attackers.
Project Progress
As part of the audit, a penetration test and a security assessment of the bank's Internet portal were performed. As a project deliverable, VTB Bank specialists received complete information about the current state of protection of the bank's external security perimeter, as well as possible steps for its further improvement.
A penetration test models external attacks by potential attackers on selected data assets of the customer. It models attacks aimed at exploiting vulnerabilities in client applications, Wi-Fi networks, server software, etc. The penetration test performed included attacks using social engineering methods. As part of the security assessment of the bank's Internet portal, the portal was checked for the main types of vulnerabilities:
- vulnerabilities related to incorrect handling of user input (for example, SQL injection, XSS, OS command injection, etc.);
- missing or incorrect checks of user privileges when accessing private functions or resources of the Internet portal;
- errors in the user authentication protocol;
- vulnerabilities in the setup of secure connections;
- the possibility of causing a denial of service (Denial of Service);
- incorrect handling of exceptions that leaks information about the application.
Project Results
The final report contains a description of the methods and tools used in the audit, and recommendations for raising the security level of the bank's information resources.
Victor Serdyuk, the CEO of DialogNauka Ltd, noted: "We are glad that VTB turned to DialogNauka to carry out an information security audit. The joint work of our company's consultants and the specialists of the bank's Information Security Service made it possible to implement this project effectively. For our part, we hope to continue cooperating with VTB Bank in the future."