Jet Infosystems certifies UkrSibBank for compliance with PCI DSS

01/21/2013

Moscow. UkrSibBank and Jet Infosystems have completed another audit of the bank’s card data security systems and processes for compliance with the PCI DSS standard.

UkrSibbank currently operates about 650 branches across Ukraine and has several million individual clients. “UkrSibbank remains a leader among more than 170 Ukrainian banks due to its use of the best world practices, particularly in the data security area. Compliance with PCI DSS is further evidence of the bank’s integrity and card transaction security for our clients,” says Aleksandr Moroz, head of UkrSibbank’s card processing center.

The contract to bring the bank into compliance with PCI DSS was awarded to Jet Infosystems, a bearer of Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV) statuses.

“As UkrSibbank pursues a strategy that calls for the use of state-of-the-art IT technologies and systems that are ideally suited for its business needs, its IT-architecture has evolved significantly since the previous audit. Therefore, our task was broader than just conducting a review. We had to help the bank achieve compliance with PCI DSS in view of changes in its IT architecture and to enhance data security in general,” says Evgeniy Akimov, deputy director of Jet Infosystems’ Information Security Center.

Jet Infosystems conducted a review of the bank’s IT infrastructure, particularly payment applications involved in card data storage, transfer and processing. The review covered systems such as SmartVista and SAP AMP as well as their data protection instruments, the network infrastructure, DS processes and procedures, terminal networks including connection channels, and infrastructural services.

The audit resulted in a plan to bring the bank’s IT infrastructure into compliance with PCI DSS and to improve data security in general. Based on this plan, UkrSibbank staff in consultation with Jet Infosystems reviewed and improved DS documentation, performed subnetting, and deployed additional data security instruments.

At the final stage of the project a team of Jet Infosystems experts who had not participated in its implementation conducted a final audit. The results of the audit were approved and certified by VISA and Mastercard.