The Urals Bank for Reconstruction and Development and Jet Infosystems complete the bank’s certification for compliance with PCI DSS

03/29/2012

The Urals Bank for Reconstruction and Development and Jet Infosystems have completed a comprehensive project to bring the bank’s payment systems into compliance with PCI DSS 2.0, the international payment card industry data security standard. The project covered security enhancements to the bank’s payment systems as well asa number of infrastructural subsystems. It was followed by an audit that led to the issuance of a compliance certificate. The project went beyond PCI DSS requirements to meet the bank’s other data security needs.

The Urals Bank for Reconstruction and Development is one of the largest domestic banks, which operates in 19 Russian regions. Retail/corporate credit and debit card services are a major part of its business. In 2011 UBRD ranked among the 20 largest Russian banks in terms of plastic cards in circulation. The sheer volume of data processed by the bank’s payment systems makes data security, including compliance with PCI DSS, a top priority.

“We realize that our overall success crucially depends on the bank’s reliability and clients’ trust,“ comments Aleksandr Paderin, head of the Data Security Department, UBRD. “We believe that certification for compliance with PCI DSS, aside from being mandatory for financial institutions, is also a major component of information security that maintains the great trust we enjoy from our clients and partners. It also demonstrates that our bank follows mainstream trends in the financial sector.”

After a review of the bank’s payment systems for compliance with PCI DSS and for general data security issues Jet’s engineers developed a plan to bring SKB into compliance with PCI DSS. This cost-efficient plan had a minimal impact on the performance of the bank’s IT systems during implementation. Data security products that were installed at the bank for the first time included:

  • a Tripwire Enterprise-based system for integrity control;
  • a secure access control system (CISCO ACS);
  • a network activity monitoring solution (Imperva SecureSphere);
  • means of two-factor authentication.

“Each element of the plan and every part of the work was discussed in detail with the bank’s IT and DS staff; all the solutions were tested and customized in accordance with the client’s business needs,” says Evgeniy Akimov, deputy director of Information Security Center at Jet Infosystems. “While taking maximum advantage of the systems already installed at the bank, we added new dependable and time-tested products in such a way that the overall performance would not suffer, the PCI DSS would be met and, most importantly, true data security would be guaranteed. Note also that our solutions are scaleable and can be adjusted as needed in accordance with future Russian regulations for financial institutions.”

The project was completed with a certification audit conducted by certified QSA auditors from Jet Infosystems. Once their review was endorsed by Visa and MasterCard, a certificate of compliance with PCI DSS 2.0 was issued to the bank.


About the client

The Urals Bank for Reconstruction and Development is the largest bank in Ekaterinburg. After more than 21 years in operation, it currently has over 200 branches in 19 Russian provinces. The bank offers unsecured and secured loans, deposit services, debit cards support, foreign exchange operations and remote banking. It also provides business services such as corporate cards, salary projects, time deposits, leasing and overdraft protection.

For more information see http://www.ubrr.ru/