Jet Infosystems helps MultiKarta achieve compliance with PCI DSS
Moscow - MultiKarta and Jet Infosystems have completed a project to ensure that MultiKarta's payment processing center meets PCI DSS 2.0, the international standard on information security in the payment card industry.
MultiKarta is a major Russian company providing a full range of card processing services for banks and merchants. In order to guarantee reliable protection of cardholder data, the company has been continuously improving its information security.
When it became necessary to bring its processing center to full compliance with PCI DSS 2.0, MultiKarta decided to hire a third-party contractor.
“We have been cooperating with Jet Infosystems since 2008, when the expansion of our business required an overhaul of network and server infrastructure,” comments Mikhail Fedorov, director of information security at MultiKarta. “The company had a deep knowledge of our infrastructure, understood our business and had delivered PCI DSS projects for a number of Russian banks and payment processing companies, a decisive advantage for a contractor.”
Jet Infosystems, a certified auditor holding Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA) status, can also audit card processing companies for compliance with PCI DSS.
The contractor had to take into account the sophistication of MultiKarta’s IT infrastructure, which includes over 60 servers on two sites, Moscow and St. Petersburg. Business continuity requirements imposed certain major restrictions on the project. Moreover, during the same period the company was migrating to a new processing system.
At the first stage of the project, Jet Infosystems experts reviewed MultiKarta’s IT architecture and the interactions among all of the components of the payment processing system. PCI DSS applicability areas were identified. A detailed plan for achieving compliance was prepared for the current processing system and for the future system in accordance with migration blueprints.
“At this stage it was important to single out the scope of future certification, i.e. to determine which data processing and storage systems had to comply with PCI DSS,” comments Evgeniy Akimov, deputy director of the Information Security Center at Jet Infosystems. “A detailed plan to achieve compliance covered restructuring, deployment of new solutions and modernization. This plan was prepared in close consultation with MultiKarta staff. The customer was ready to engage in open dialogue and make joint informed decisions throughout the project.”
The most challenging part of the project was the second stage. It involved the actual introduction of new procedures and hardware/software to enhance security. During the Jet Infosystems project, MultiKarta was introducing a new data processing system, expanding its range of services and adding new banks to its list of clients. The integrator had to continuously review the situation and make quick adjustments to its solutions. MultiKarta assumed responsibility for certain compliance measures; in particular, its staff reconfigured some functioning IT systems and updated internal rules and procedures.
At the third stage, MultiKarta was audited for compliance with PCI DSS by a special team of experts from Jet Infosystems. They inspected payment data processing and storage systems, rules and procedures, and the configurations of data security mechanisms. The team was satisfied that MultiKarta’s payment processing center fully complies with PCI DSS.
The audit report was approved by international payment systems. MultiKarta was issued a certificate of compliance with PCI DSS 2.0.
“We are always doing our best to provide high-quality services and further improve our business practices. Compliance with PCI DSS ensures a high level of data security at our company and peace of mind for cardholders,” adds Mikhail Fedorov.