SKB Bank Certified as PCI DSS 1.21.1 compliant

02/27/2012

Moscow. – SKB Bank and Jet Infosystems have finished a joint project to bring the bank’s payment system into compliance with the international data safety standard for the payment card industry (PCI DSS 1.2.1).

SKB is a major universal multi-branch bank that operates on the federal level and ranks among the 40 largest Russian banks in terms of its assets. Its services include a broad range of card-based products such as the issuance of Visa International cards for private clients, card processing, salary projects and support for international corporate cards. Since client trust directly depends on the level of information security, particularly in card processing, compliance with PCI DSS became a priority for the bank’s management.

The relevant contract was awarded to Jet Infosystems, a certified auditor that enjoys the status of Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). The company also has ample experience with similar projects.

After a review of the bank’s IT infrastructure and data security processes Jet’s engineers developed a plan to bring SKB’s payment system into compliance with PCI DSS and improve overall information security at the bank.

Upon conducting risk analysis, Jet’s engineers designed and implemented several solutions to achieve compliance with PCI DSS as well as to meet the bank’s internal security needs. In cooperation with SKB’s team Jet Infosystems rearranged the network infrastructure, made sure the existing systems satisfy all the necessary requirements and launched the following interconnected systems:

  • An HP ArcSight-based monitoring and event management system;
  • An intrusion detection system based on IBM Proventia Network Security products;
  • An IBM Guardium-based system for monitoring database user activity;
  • A Tripwire Enterprise-based system for integrity control and configuration management.

“Since SKB’s existing data security system was fairly advanced to begin with, many of its subsystems just required some modernization. On the other hand, apart from achieving compliance with PCI DSS the bank wanted to establish a truly forward-looking DS system. Therefore, we used universal and scaleable solutions to ensure robust security. The client’s team made major contributions throughout the project and was consulted at every step of implementation,” comments Evgeniy Akimov, deputy director, Jet Infosystem’s Data Security Center.

The project was completed with a certification audit conducted by certified QSA auditors from Jet Infosystems. Once their review was endorsed by Visa, a certificate of compliance with PCI DSS 1.2.1 was issued to the bank in December 2011.

“As a participant in the international VISA and MasterCard systems, SKB is committed to continuously upgrading the technology of card services. We have already issued over a million cards whose secure and convenient use is supported by the bank’s information systems. The PCI DSS certification is a major step in the development of our credit card business,” - comments Vyacheslav Laptev, advisor to the Chairman of the Board, SKB Bank.


About SKB Bank

SKB is one of the largest regional banks in Russia. It operates over 200 branches and more than 500 banking machines in 40 Russian regions from Kaliningrad to Kamchatka. SKB offers a full range of retail products (affordable loans, high-interest deposits, fast money transfers and payments) as well as corporate services (business loans, cash services, salary payment projects and much more).