The Commercial Bank of Ceylon has obtained the prestigious Payment Card Industry Data Security Standard (PCI-DSS) certification from SISA Payment Security Specialists, the company that globally offers compliance and assurance on various payment standards.

The Bank has been certified as complaint with PCI-DSS v3.2.1 which is applicable to any company that accepts, stores, processes or transmits cardholder data. The compliance helps the Bank protect its payment systems from breaches and theft of cardholder data.

The certification was presented to the Bank following an in-depth assessment by SISA, and after the Bank was found to have met specific security standards in the industry inclusive of six goals, 12 requirements, and over 300 sub-requirements in the cardholder data environment.

“This is an extremely significant achievement, given our intensive focus on developing our Credit Card base, which is already the fastest growing in the country, as well our continuing efforts to develop IT-enabled products and services to push the boundaries of anytime, anywhere banking,” Commercial Bank Managing Director Mr S. Renganathan said.

SISA’s approach towards PCI compliance involves using meticulously developed compliance validation structure and security monitoring tools. After an initial assessment and scoping exercise to identify all the applications, system components and departments having access to cardholder information at the Bank, a risk assessment was conducted to identify exposure points in the infrastructure.This was followed by a gap assessment to identify the gaps with respect to compliance specifications and remediation steps. After an interim review at this juncture of the process, the final audit was conducted on the Bank’s systems which resulted in it obtaining the PCI- DSS Certification.

SISA Information Security Worldwide is a leader in the payments security space, with a presence in more than 35 countries and over 2,000 customers across the globe. It provides cutting-edge compliance services to a diverse client base that includes banks, ITES, insurance, e-commerce, payment service providers, telecommunications, airlines and retail companies.

A pioneer in Synergistic Security Framework which combines Consulting, Training, and Products, SISA endeavours to create a secure payments infrastructure for its customers. Besides being a Qualified Security Assessor (QSA), the Company is also an authorised assessor for various payments standards and is listed as a PCI QSA, PA QSA, PCI ASV, P2PE-QSA, PFI and VISA Approved PCI PIN Security Assessor.

The only Sri Lankan Bank to be ranked among the world’s top 1000 banks for eight years consecutively, Commercial Bank operates a network of 266 branches and 830 ATMs in Sri Lanka. The Bank has won multiple international and local awards in 2016 and 2017 and 30 international and local awards in  2018.

Commercial Bank’s overseas operations encompass Bangladesh, where the Bank operates 19 outlets; Myanmar, where it has a Representative Office in Yangon and a Microfinance company in Nay PyiTaw; and the Maldives, where the Bank has a fully-fledged Tier I Bank with a majority stake