A leading bank in the GCC region was keen to achieve PCI-DSS compliance, but it faced challenges on multiple fronts. A lack of well-defined processes, a high number of end-of-life (EOL) systems and a complex infrastructure landscape born out of a merger expanded the scope of assessment.
SISA first conducted an in-house workshop for senior executives to help bridge their awareness gap, following which it proposed a three-phased approach to implementation: Scoping and Assessment, Remediation, and Certification. The assessment revealed that cardholder data was stored in plain text in multiple databases. SISA recommended 200+ action points for remediation, mapped them to the respective departments and created a milestone-based plan for addressing them.
By investing in relevant security tools and remediating all the action points recommended by SISA, the bank was successful in achieving PCI-DSS certification in six months’ time. The certification also helped the bank achieve a better security posture and comply with regulatory mandates.