OREANDA-NEWS. The Bank of Moscow and Jet Infosystems company announce finalization of the project aimed at brining the Bank’s systems and processes ensuring the security of payment cards data storage, processing and transmission in compliance with PCI DSS 2.0 standard requirements. Payment systems Visa and MasterCard have confirmed the compliance of the security level.

At present the Bank of Moscow has a customer base of more than 100 thousand corporate and over 9 million private clients. The Bank’s card portfolio totals 6.4 mln. items as of year-end 2013. The Bank of Moscow owns a wide network of ATMs with over 2000 items which processed over 54.2 mln. financial transactions in 2013, it also has a network of retail terminals of more than 5700 items. The volume of data processed via payment systems makes security one of the Bank’s first priorities, including bringing the Bank’s payment systems in compliance with PCI DSS standard requirements.

"Our systems compliance with high standards set by Visa and MasterCard makes one of the most important elements of the Bank’s overall information security and as a result our clients’ security. Customers always trust reliable and technologically equipped banks that are able to ensure private data security and guarantee the continuity of their payment and card transactions. We are going to develop our innovative products and services even more actively in a close cooperation with Visa and MasterCard", points out Sergey Mednov, the Bank of Moscow Board member.

Jet Infosystems company became the Bank’s partner in the project aimed at bringing it in compliance with standards, the company has the status of Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV).

At the first stage of the projects Jet Infosystems experts carried out a preliminary audit of the Bank of Moscow payment systems to check their compliance with PCI DSS standard requirements and also evaluated their security level. Based on the results of the evaluation a plan was drafted to bring the Bank’s IT-infrastructure in compliance with the standard. According to the plan, normative and regulating documents were developed, a network segmentation was carried out and additional information protection was implemented. These steps allowed to ensure compliance with the standard and to enhance the Bank’s level of information security in general.

"We were guided by the principle of economic feasibility and, realizing this project, we largely used the existing protection means, and implemented new protection means so that they ensure compliance with PCI DSS standard, without hindering the operation of information systems in general, and bring actual value for their real protection. In particular, we implemented solutions of SIEM class, means of system integrity control, etc.", comments Elena Kozlova, Security Compliance head.

The closing stage of the project saw a final audit conducted by Jet Infosystems expert group that did not participate in project realization. The audit results were accepted by international payment systems Visa and MasterCard, and the Bank of Moscow received a relevant certificate.