Nurbank receives international payment card safety compliance certificate PCI DSS v.1.2.
15.03.10 17:06
/KASE, March 15, 10/ - Nurbank (Almaty), listing on Kazakhstan Stock
Exchange (KASE), provided KASE with a press release dated
February 15, 2010:
Quotation begins
Nurbank received an Attestation of Compliance to international payment card
safety standard PCI DSS v.1.2., thus, making another step towards a complex
system of information safety compliant to global standards.
The bank was prepared to and tested by Russian company PACIFICA jointly with
IBM.
Nurbank became the first bank in Kazakhstan, and one of the few in CIS
reaching such level in terms of payment card safety.
Despite the significant work volume, the bank information system was prepared
to certification and tested within just 6 months and included three stages. At
the first stage QSA-auditor (IBM) completed a preliminary analysis of the system
ensuring payment card safety, prepared a report on shortcomings with indication
of recommendations and a detailed plan to eliminate such shortcomings. Bank IT
advisor to Chairman Andrey Chuchelov said "the preparation to certification was
very valuable - showing 'hidden rocks' in data networks, settings of
telecommunications and software, which often may only be seen after an
accident".
At the second stage PACIFICA and Nurbank experts took a number of measures
to bring the bank information structure in compliance with PCI DSS standards, as
a result of which a package of internal regulating documents was developed,
monitoring and analyzing tools, safety scanners and intrusion detectors were
installed. Steps to protect business processes of the bank were taken and the
intrusion test was conducted.
A certification audit was carried out at the third stage, proving compliance to
the standard; the bank received a PCI DSS Compliance certificate.
The bank enhanced its information system safety and facilitated processing.
Mr Chuchelov said the bank was not aiming at the PCI DSS compliance
certificate originally. In recent three years the bank purposefully and
aggressively improved information safety. This was caused, first, with
preparation of new internet and high tech products for bank clients.
Second, information safety is a priority when improving bank technologies
and information and technical systems.
"The naturally received the PCI DSS Complied status confirmed advanced
information safety and processes. However, it is an interim step as information
safety is a process requiring constant upgrade and controls", - Mr Chuchelov
emphasized.
Ends
[2010-03-15]