FPT IS And SHBFinance Completed PCI DSS Compliance Assessment

SHBFinance is one of the inaugural organizations in Vietnam to be awarded the highest PCI DSS international security certification (Level 1, version 4.0).

Having successfully met the stringent criteria of the Payment Card Industry Data Security Standard (PCI DSS), SHBFinance has been awarded the PCI DSS international security certificate Level 1 version 4.0. This certification, issued by FPT IS - the QSA (Qualified Security Assessor) unit recognized by the PCI SSC Council, marks a significant milestone for SHBFinance as it strives to achieve its ambitious business goals in 2024.

Since October 2023, SHBFinance has collaborated with FPT IS to assess card business flows, evaluate the current status of information technology systems, and implement technical and technological solutions. Furthermore, they have updated policies and regulations to ensure compliance with the rigorous requirements outlined by the PCI DSS standard.

FPT IS and SHBFinance completed the PCI DSS compliance assessment

In just six months, SHBFinance and FPT IS have concluded the evaluation for PCI DSS 4.0 certification at the highest level (Level 1), adhering to 12 requirements and surpassing nearly 300 detailed information security stipulations. This comprehensive approach ensures compliance across six critical targets: establishing and maintaining a secure network system, safeguarding card data, developing a vulnerability management program, implementing robust access controls, conducting periodic system monitoring and audits, and upholding information security policies.

FPT IS has undertaken the following details: conducting a thorough survey of the current situation and assisting SHBFinance in optimizing the scope of PCI DSS assessment; providing consultancy services for the development and revision of policy documents; and executing tasks to ensure compliance with PCI DSS and Risk Assessment standards. This achievement signifies a significant milestone in enhancing SHBFinance's ability to safeguard the international card payment process, foster security compliance awareness among employees, and ensure alignment with international standards for card payment service providers. The attainment of PCI DSS v4.0 (Level 1) certification underscores SHBFinance's dedication to enhancing security standards to the highest level within the card system and across the entirety of the organization's IT system.

Mr. Quan Duc Minh, Production Director of Emerging Technology Services at FPT IS, expressed his pride in the designation as a technology partner for a significant project at SHBFinance. "Drawing on our numerous projects with SHBFinance and our three-decade-long track record of supporting the finance and banking sector, coupled with our status as an authorized entity for evaluating PCI DSS compliance certification in Vietnam, we have collaborated closely with SHBFinance to ensure the successful completion of this project. FPT IS anticipates that the PCI DSS certification will establish a robust foundation for SHBFinance to fortify its position and broaden its customer market reach".

Mr. Nguyen Trung Hieu, Director of SHBFinance Technology Division, emphasized: "The attainment of PCI DSS certification marks a significant milestone for us, propelling us forward in our overarching digital transformation journey. This achievement is instrumental in our ongoing efforts to prioritize safety and security, especially within our card system operations".

Reflecting on this process, Ms. Olena Khlon, General Director of SHBFinance, remarked: "SHBFinance expresses its profound gratitude for the diligent and methodical efforts of FPT IS and the project team. Their commitment ensured progress and maintained high work standards, enhancing service quality, information security, and risk mitigation for the company and its customers. This project stands as a key offering for SHBFinance's clientele".

The PCI DSS certificate is an obligatory information security standard for enterprises involved in storing, transmitting, and processing payment card data. Managed by five international payment organizations, including Visa, MasterCard, American Express, Discover, and JCB, this standard safeguards customers' payment card data, thereby minimizing security vulnerabilities and preventing breaches and unauthorized use of data.

SHBFinance has been a member of two prominent banking institutions (SHB and Krungsri Thailand) since June 2023. SHB ranks among Vietnam's top 5 largest private banks, boasting a legacy of 30 years of growth. On the other hand, Krungsri Financial Group, with a history spanning 75 years, is a strategic member of the Japanese Financial Group MUFG and is extending its presence across five countries in the region.

After over six years of operation, SHBFinance has earned a position among Vietnam's top 8 largest consumer finance companies. It boasts a vast business network across 54 provinces and a workforce of over 7,000 service staff members.

Presently, FPT IS is one of the select few companies in Vietnam acknowledged as a Qualified Security Assessor (QSA), enabling it to offer PCI DSS consulting, assessment, and certification services. Since 2015, FPT IS has garnered trust as a partner in delivering these services for numerous major banks and financial institutions, including MB, SeABank, Eximbank, Lotte Finance Vietnam, One Mount Group, FE Credit, and PVComBank.