Platbox Moves Business Critical System to CROC's Cloud and Has it Certified for Compliance with PCI DSS
Platbox payment system, which provides services to the MTS mobile operator, Wargaming.net (famous ‘World of Tanks’ online game developer), and donators of Life Line Fund, has moved its core processing system to CROC’s Virtual Data Center.
In order to meet bank card security requirements for a cloud environment, Platbox initiated CROC’s Virtual Data Center auditing for compliance with PCI DSS standard. The audit was performed by Digital Compliance, a Digital Security subsidiary which provides information security compliance services to financial institutions and payment systems. Upon completion of the audit, Platbox received a certificate confirming strong protection of its cloud services.
The International Payment Card Industry Data Security Standard (PCI DSS) requires the implementation of special data protection measures when moving processing to a public cloud. Both the payment system and cloud service provider shall be responsible for such an implementation. The provider (CROC) should ensure physical protection, limit access to its data center, and guarantee security of the information environment.
Following the audit, CROC was given the only recommendation to implement two-factor authentication (2FA) for accessing a self-service portal used by cloud customers for managing computing resources. 2FA provides additional security and protects customers against unauthorized access to cloud resources through a two-stage verification process. Therefore, if the password is intercepted or the customer’s administrator loses a notebook with previously entered data, portal access will be hampered. CROC specialists deployed 2FA within just one week, with each transaction now being made via the payment system in CROC’s cloud.
«This experience in PCI DSS certification will help us provide cloud services to other payment system market players and simplify the solving of organizational issues when moving processing systems to the cloud for future customers. Our cloud infrastructure is ready for such customer migration and provision of the required level of client payment data security,» said Maxim Berezin, Head of Virtual Data Center, CROC.
«We conducted a tender and considered another large cloud provider as well. However, eventually CROC was selected. Contrary to its competitor, CROC offered disk arrays with guaranteed high performance of up to 100,000 IOPS. Such capacity is absolutely a must for us to provide high-quality services to our customers in view of the multi-million volume and dynamic growth of transactions», said Anton Kuranda, CIO at Platbox.
«We made only minor remarks to CROC. The company employs reliable equipment and certified security facilities, and uses strict SLAs, which regulate the responsibility of all parties. This highlights the high level of CROC management, cloud service reliability, and the company’s commitment to worldwide standards,» said Pavel Fedorov, Managing Partner, Digital Compliance.