CMC TS granted PCI DSS certificate to Viet Capital Bank

On December 18th, 2018 in Ho Chi Minh City, CMC Corporation held a ceremony to grant international certificate of payment card data security - PCI DSS to Viet Capital Bank. This certificate is granted by CMC Information Security Joint Stock Company (CMC Infosec) in accordance with the world standard of Payment Card Industry Security Standard Council (PCI SSC), the whole project was consulted and supported by CMC Saigon System Integration Company Limited (CMC SISG).

\

From left to right: Mr. Tong Anh Duc (Director of  Banking and Finance Center – CMC Infosec) - Ms. Tran Thi Phuong Hong (Deputy CEO of CMC SISG) - Mr. Ho Thanh Tung (Deputy CEO of CMC Corporation) - Mr. Phan Viet Hai (Director of Viet Capital Bank’s IT Department) - Mr. Le Van Be Muoi (Deputy CEO of Viet Capital Bank) - Mr. Ngo Quang Trung (CEO of Viet Capital Bank)

Overview of the granting ceremony of security certificate

Viet Capital Bank was established in 1992 and is gradually affirming its position in banking and financial markets. With the goal of increasing the ability to flexibly meet the diverse needs of customers for products, services and utilities, Viet Capital Bank has been accompanied by CMC Corporation - the pioneer in successfully solving many technological problems and creating competitive advantages for many banks in Vietnam. Especially, dealing with problems of information security & safety is always a strength of CMC. In 2018, CMC was honored to be selected by Viet Capital Bank for consultation, assessment  and grant of certificate of international payment card data security - PCI DSS. On the morning of December 18th, 2018, the ceremony for granting certificate of international payment card data security - PCI DSS to Viet Capital Bank was held at Novotel Hotel in Ho Chi Minh City with the attendance of Mr. Ngo Quang Trung (CEO of Viet Capital Bank), Mr. Le Van Be Muoi (Deputy CEO of Viet Capital Bank), Mr. Phan Viet Hai (Director of Viet Capital Bank’s IT Department), Mr. Ho Thanh Tung (Deputy CEO of CMC Corporation), Ms. Tran Thi Phuong Hong ( Deputy CEO of CMC SISG) and Mr. Tong Anh Duc (Director of Director of  Banking and Finance Center – CMC Infosec).

PCI DSS (Payment Card Industry Data Security Standard) is a mandatory information security standard for businesses to store, transmit and process data of payment cards managed by 05 international payment organizations: Visa, MasterCard, American Express, Discover and JCB. PCI DSS is a standard authorized by the international payment organizations mentioned above for Payment Card Industry Security Standard Council (PCI SSC) to manage. It is developed for the purpose of increasing control over cardholder data and limiting frauds and thefts of payment card data. The certificate will be valid for one year, and businesses must perform periodic reassessment. PCI DSS has 12 mandatory requirements, including: building and maintaining firewall system to protect payment card data, protecting payment card data when stored on the system, regularly using and updating anti-virus software, building & maintaining the system and applications to ensure network security, regularly assessing and re-testing procedures of system security, etc. In Vietnam, so far only about 10 banks have certification for complying with this PCI DSS card data security standard.

Previously, Viet Capital Bank had cooperated with CMC SISG in many projects such as consulting, building & transferring 2 data centers - DC and DR; network system, database server for data center and core banking; consulting security system to ensure safety for banks, etc. In the field of information security, CMC SISG together with CMC Infosec have coordinated, assessed and reviewed procedures and systems of information security of Viet Capital Bank. During the process of appraisal and assessment, CMC SISG has coordinated to consult and inspect compliance of Viet Capital Bank in accordance with PCI DSS standards issued by CMC Infosec. The two companies have provided mutual technical support, ensuring the implementation of project schedule and quality. Based on the results and assessment of the project, CMC Infosec has officially granted a PCI DSS certificate of payment card data security to Viet Capital Bank. Currently, CMC Infosec is the second enterprise entitled to assess and grant certificate of payment card data security in accordance with PCI DSS world standard. Payment Card Industry Security Standard Council (PCI SSC) has recognized CMC Infosec as a QSA company which is licensed by PCI SSC to assess and grant compliance certification for banks in particular and units participating in the field of payment by international payment card in general.

Ms. Tran Thi Phuong Hong (Deputy CEO of CMC SISG) talked about the process of project implementation

Ms. Tran Thi Phuong Hong (Deputy CEO of CMC SISG) assessed the implementation process: “The advantage of long-term cooperation between CMC and Viet Capital Bank in the past helps CMC to provide comprehensive analysis of customer’s IT infrastructure security and contribute to successful project implementation. Integrating more security solutions is a strength of CMC to help customers complete security diagram for infrastructure, thus to easily be awarded PCI DSS certification.” Sharing more about the assessment process for information security of Viet Capital Bank, Mr. Ha The Phuong (Deputy CEO of CMC Infosec) said: “PCI DSS 3.2 is the latest version of PCI in the field of payment card, with many conditions that are more stringent and stricter than the old version. Especially, it adds more details about the requirements for multi-factor authentication, security standards for data encryption and requires compliance policies to be maintained throughout the organization as well as in periodic reviews. The grant of PCI DSS 3.2 certificate to Viet Capital Bank by CMC affirmed CMC's ability to help customers of financial sector in general and banking sector in particular meet strict requirements of payment card data security during storage, processing and transmission in accordance with international standards. In the coming time, CMC will continue to accompany Viet Capital Bank to ensure compliance to PCI DSS as well as other international standards in order to meet security requirements from international organizations in payment card industry and other requirements on safety and security from State administrative agencies." 

Talking about the success of the project, Mr. Phan Viet Hai (Director of Viet Capital Bank for IT Department) commented: “From the beginning, Viet Capital Bank has identified the importance of being granted an international certificate of payment card security, therefore our entire technical team has cooperated well with CMC, ensuring to meet strict standards of PCI, from the process to the techniques. By being awarded this certificate, Viet Capital Bank has affirmed its reputation and quality and at the same time met the highest standards of PCI DSS organizations in providing payment card products both domestically and internationally.” PCI DSS certificate will allow Viet Capital Bank to have up to 6 million Visa cards registered each year, help customers to be more confident when using payment card or online payment services, increase the number of customers and stimulate business growth in accordance with strategy of Viet Capital Bank. As for CMC Corporation, this project of appraising and granting PCI DSS certificate is a premise for customers to be more confident in using CMC’s information security solutions and services , helping CMC to be more confident in introducing new security services such as Fraud Detection (fraud prevention system) GRC Achievements (Governance, risk and compliance), etc. for domestic and international banks.

The cooperation between Viet Capital Bank and CMC Corporation reflects the right way of doing business of both parties, and above all, it brings the best and safest values to users.