OREANDA-NEWS. March 18, 2010. Nurbank received an Attestation of Compliance to international payment card safety standard PCI DSS v.1.2., thus, making another step towards a complex system of information safety compliant to global standards, reported the press-centre of KASE.

The bank was prepared to and tested by Russian company PACIFICA jointly with IBM.

Nurbank became the first bank in Kazakhstan, and one of the few in CIS reaching such level in terms of payment card safety.

Despite the significant work volume, the bank information system was prepared to certification and tested within just 6 months and included three stages. At the first stage QSA-auditor (IBM) completed a preliminary analysis of the system ensuring payment card safety, prepared a report on shortcomings with indication of recommendations and a detailed plan to eliminate such shortcomings. Bank IT advisor to Chairman Andrey Chuchelov said "the preparation to certification was very valuable - showing 'hidden rocks' in data networks, settings of telecommunications and software, which often may only be seen after an accident".

At the second stage PACIFICA and Nurbank experts took a number of measures to bring the bank information structure in compliance with PCI DSS standards, as a result of which a package of internal regulating documents was developed, monitoring and analyzing tools, safety scanners and intrusion detectors were installed. Steps to protect business processes of the bank were taken and the intrusion test was conducted.

A certification audit was carried out at the third stage, proving compliance to the standard; the bank received a PCI DSS Compliance certificate.

The bank enhanced its information system safety and facilitated processing.

Mr Chuchelov said the bank was not aiming at the PCI DSS compliance certificate originally. In recent three years the bank purposefully and aggressively improved information safety. This was caused, first, with  preparation of new internet and high tech products for bank clients.  Second, information safety is  a priority when improving bank technologies and information and technical systems.

"The naturally received the PCI DSS Complied status confirmed advanced information safety and processes. However, it is an interim step as information safety is a process requiring constant upgrade and controls", - Mr Chuchelov emphasized.