FPT IS accompanies PVcomBank to conquer the PCI DSS international security certificate
Satisfying 12 demanding requirements related to payment card data security standards, Vietnam Public Joint Stock Commercial Bank (PVcomBank) has been granted the PCI DSS international security certificate. The granted certificate is of version 3.2.1 at the highest level (level 1), issued by FPT Information System Corporation (FPT IS), a Qualified Security Assessor (QSA) body recognized by the PCI SSC, and is valid for one year.
Starting in July 2022, PVcomBank underwent an evaluation of its card business flows and the current state of its IT system. With support from FPT IS, the bank implemented technical solutions and changed policies and regulations to comply with the demanding requirements set forth by the PCI DSS.
PVcomBank is granted the highest level of the PCI DSS international security certificate.
After only 10 months, FPT IS confirms that PVcomBank has fully met 6 target groups with 12 demanding requirements set out by the PCI DSS, specifically: building and maintaining a firewall system to protect card data; encrypting information on data transmission lines during transactions; implementing periodic testing of applications and systems; ensuring security for organizations and businesses related to international card data processing, transmission and storage; and maintaining information security policies for related individuals. Being granted the PCI DSS 3.2.1 level 1 certificate by FPT IS affirms PVcomBank’s efforts to raise security standards to the highest level, not only for the card payment system but also for the bank’s entire IT system.
After only 10 months of implementation, FPT IS confirms that PVcomBank has fully met 12 demanding requirements set out by the PCI DSS.
Mr. Nguyen Viet Ha – Deputy General Director of PVcomBank says: “As soon as we identify digital transformation as a major task, PVcomBank has been determined to acquire international standards on safety and security for the development of services. Being granted the PCI DSS certificate is an important milestone and a new step forward for PVcomBank in the digital transformation journey in general and in the efforts to ensure safety and security for the IT system in particular. This also contributes to enhancing the bank’s reputation, further consolidating the customers’ trust in PVcomBank’s card and payment products, and laying the foundation to open up opportunities to connect and collaborate with major financial partners across the world in the future”.
Before being certified against the PCI DSS standard, PVcomBank underwent an evaluation of the state of its systems, implemented technical solutions, and changed policies and regulations to comply with the demanding requirements set out by this standard, with support from FPT IS.
Mr. Nguyen Hoang Minh – CEO of FPT IS – says that the project for PVcomBank to acquire the PCI DSS certificate was a journey of many challenges. Given the complexity of the card systems and operations at PVcomBank, FPT IS and PVcomBank worked closely to build an overall picture of the bank’s current situation, an important foundation for the success of the project. The two sides made use of all communication channels, increased the frequency of meetings, and continuously revised plans according to actual implementation progress.
“Being the leading qualified security assessor company for PCI DSS evaluation in Vietnam with 30 years of experience in the Finance – Banking sector, FPT IS has accompanied PVcomBank to completely remove all obstacles and successfully deliver the project ahead of schedule. We believe that the PCI DSS certificate will be an important stepping stone for PVcomBank to conquer the bank’s strategy on digital transformation and realize future business goals”, said the CEO of FPT IS.
To maintain the certificate for subsequent years, PVcomBank will have to undergo re-evaluations, and the security criteria should be upgraded and maintained regularly. That requires PVcomBank to spend a lot of resources and time investing in IT systems. This is a challenge but also an opportunity for the bank to access new technologies and correct any shortcomings to enhance information safety and security to meet the criteria set out by the PCI DSS standard.
PCI DSS (Payment Card Industry Data Security Standard) is a globally recognized information security standard and a mandatory requirement for businesses that store, transmit and process payment card data. The standard was created by the PCI SSC – the Payment Card Industry Security Standards Council, established by an alliance of the world’s five largest card brands including Visa, MasterCard, American Express, Discover Financial Services, and JCB International.
The PCI DSS standard is developed to help card payment organizations protect customer data and prevent unauthorized access and use of data. This standard is applicable to all organizations that store, process or transmit card data to minimize security vulnerabilities and risks of information theft, and enhance the protection of card data.