Two MultiKarta payment processing centers achieve compliance with PCI DSS

Customer: MultiKarta Corporation

Client

MultiKarta Corporation

  • Incorporated in 1994
  • A subsidiary of VTB Bank and a member of the VTB Group
  • A third-party payment processor and card authenticator certified by Visa and MasterCard Worldwide
  • A holder of payment card processing licenses from Diners Club International and American Express

A leader in the Russian payment processing industry, MultiKarta now provides the entire range of processing services for banks and vendors including internet stores.

Objectives

“The proliferation of plastic cards as a convenient means of payment is a major element of modern culture,” comments Ivan Tverdokhlebov, PCI DSS group manager, Jet Infosystems. “Unfortunately, card fraud has skyrocketed along with it. International payment systems have adopted a variety of fraud control measures; in particular, the Payment Card Industry Data Security Standard (PCI DSS) has been developed to minimize risks and maximize the development of card services.”

International payment systems require mandatory compliance with PCI DSS from all organizations that store, process or transmit cardholder data.

MultiKarta has been steadily expanding its client base. As of today, it handles payment cards issued by 38 banks including several of the largest Russian card issuers. While offering a full range of high-tech services, the company pays special attention to data security.

With an eye to its expansion and acquisition strategy and the increasing load on its existing computer facilities, MultiKarta has completed a project to establish a new fault-tolerant payment processing center compliant with all PCI DSS requirements. To achieve compliance for both the old center and the new one, , MultiKarta has selected Jet Infosystems as its partner.

“Expanding the range of our services and ensuring transaction security for cardholders have always been high on our agenda,” notes Mikhail Fedorov, director of information security at Multikarta. “After a joint project that involved overhauling our network and server facilities, Jet Infosystems possessed a deep knowledge of our infrastructure and understood our business. It had also completed PCI DSS compliance projects for a number of Russian banks and payment processing companies, a clear mark in its favor as a contractor.”

The project consisted of several stages. As in similar projects, Jet Infosystems experts began by reviewing Multikarta’s IT architecture and the interaction of all the major components of the payment processing system. PCI DSS applicability areas were identified. A detailed plan for achieving compliance was prepared.

“At this stage it was important to identify the scope of future certification, i.e. to determine which data processing and storage systems needed to comply with PCI DSS," says Evgeniy Akimov, deputy director of the Information Security Center at Jet Infosystems. "We formulated a detailed plan to achieve compliance, which covered restructuring, deployment of new solutions and modernization. This plan was prepared in close consultation with MultiKarta staff. The client was ready to engage in open dialogue and make informed decisions in cooperation with us throughout the project.”

The plan covered both payment processing systems, with some solutions suited to the old system and others to the new one. In this regard, Jet Infosystems’ creative expertise was complemented by its deep knowledge of various IT platforms. All components of the future data security system were to be interconnected, and every component was to benefit the day-to-day operations of the company.

At the second stage of the project, relevant procedures were implemented and data security hardware and software deployed. MultiKarta assumed responsibility for certain compliance measures; notably, its staff reconfigured some functioning IT systems and updated internal rules and procedures.

At the final stage, a special team of experts from Jet Infosystems audited MultiKarta for compliance with PCI DSS. They inspected cardholder data processing and storage systems, rules and procedures, and the configurations of data security mechanisms. The team concluded that MultiKarta’s payment processing center was in full compliance with PCI DSS.

The audit report was approved by international payment systems. MultiKarta received a certificate of compliance with PCI DSS 2.0.

Both payment processing centers operated by MultiKarta are now certified for compliance with PCI DSS 2.0. Such certification minimizes financial and credibility risks while boosting client and partner confidence. Moreover, it indicates that Visa and MasterCard trust the company and recommend it as a reliable partner.

“We have always done our best to provide quality services and improve our practices,” adds Mikhail Fedorov. “Compliance with PCI DSS ensures a high level of data security at the company and peace of mind for cardholders. Since compliance audits must be carried out annually, we are planning to continue our efforts to improve security for our business processes.”

Download (pdf, 106.99 Kb)

Two MultiKarta payment processing centers achieve compliance with PCI DSS