Brankas is pleased to announce that we have passed the certification audit carried out by a QSA (Qualified Security Assessor) accredited by the PCI Security Standards Council (PCI SSC). Brankas holds the PCI-DSS (Payment Card Industry Data Security Standard) certificate as of 31 December 2021 at PCI Compliance Level 1.
This certification joins the ISO 27001 certification that Brankas already holds; like PCI-DSS, ISO 27001 is a widely accepted information security compliance framework.
Protecting Card Transactions
PCI-DSS is an information security standard comprising policies and procedures to ensure the security of credit, debit, and other cash card transactions and to protect against misuse of personal information. Developed by the major credit card companies Visa, MasterCard, Discover and American Express in 2004, it has become the industry standard for organizations that accept, process, store, or transmit card transactions. A PCI-DSS-certified organization maintains a highly secure environment when handling payment information.
As a set of security regulations and procedures that organizations voluntarily agree to uphold, PCI-DSS is designed to keep payments secure while preventing fraud. Organizations such as issuers, acquirers, processors, merchants, and banks that are PCI-DSS-certified commit to robust security measures that ensure consumer protection. Non-compliance with these standards generally means fines, recurring charges and higher fees.

With its recent PCI-DSS certification, Brankas commits to strong information security controls when storing, processing or transmitting cardholder information. We understand our crucial role in driving open banking and open finance throughout the region, and being the pioneer Open Finance provider in Southeast Asia to obtain PCI-DSS compliance only strengthens our mission to provide innovative services with top-notch security in mind.
In being PCI-DSS certified, Brankas is aligned with the main objectives and requirements of PCI-DSS.
1. Building and maintaining Network Security
Properly configured firewalls protect the card data environment in which transactions are facilitated. These firewalls must be able to restrict incoming and outgoing traffic, based on the organization’s criteria. Brankas implements software firewalls, and has set configurations to ensure protection for every internet connection, as well as between any DMZ and the internal network zone.
We implement anti-spoofing measures to detect and block forged source IP addresses from entering our internal networks. Likewise, we maintain user access controls on an as-needed basis, granting access to as few individuals as necessary.
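To make the anti-spoofing requirement concrete, the following is an added illustration of ingress filtering between the three zones named above (internet-facing, DMZ, internal). It is not Brankas's firewall configuration: the zone prefixes, the interface names and the sample packets are all constructed for the example. The rule is the classic one: a packet arriving on the external interface whose source address claims to belong to the DMZ, the internal zone, or a non-routable range cannot be legitimate and is dropped, and a packet arriving on an inside interface must carry a source address that actually belongs to that zone.

```python
"""Zone-aware ingress anti-spoofing filter (constructed example)."""
import ipaddress
from dataclasses import dataclass

# Constructed zone layout for the example; these are not real prefixes.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.10.0.0/16")]
DMZ_PREFIXES = [ipaddress.ip_network("10.20.0.0/24")]
# Private, loopback and link-local ranges that must never arrive from the internet.
NON_ROUTABLE = [
    ipaddress.ip_network(p)
    for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


@dataclass(frozen=True)
class Packet:
    iface: str  # "external", "dmz" or "internal" (constructed names)
    src: str
    dst: str


def _in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def ingress_decision(pkt):
    """Return 'accept' or a 'drop: <reason>' string for one arriving packet."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "external":
        # Anything claiming an inside or non-routable source on the
        # internet-facing interface is forged by definition.
        if _in_any(src, INTERNAL_PREFIXES + DMZ_PREFIXES + NON_ROUTABLE):
            return "drop: spoofed source on external interface"
        return "accept"
    if pkt.iface == "dmz":
        # A DMZ host may only speak with a DMZ source address.
        if not _in_any(src, DMZ_PREFIXES):
            return "drop: source not in DMZ range"
        return "accept"
    if pkt.iface == "internal":
        if not _in_any(src, INTERNAL_PREFIXES):
            return "drop: source not in internal range"
        return "accept"
    return "drop: unknown interface"


# Constructed sample traffic: one legitimate external client, two forged
# external packets, one legitimate DMZ packet and one forged DMZ packet.
SAMPLE_PACKETS = [
    Packet("external", "203.0.113.7", "10.20.0.10"),   # legitimate client
    Packet("external", "10.10.4.2", "10.10.0.5"),      # claims internal source
    Packet("external", "192.168.1.9", "10.20.0.10"),   # claims RFC 1918 source
    Packet("dmz", "10.20.0.10", "10.10.0.5"),          # DMZ host to internal
    Packet("dmz", "10.10.0.99", "10.10.0.5"),          # forged from the DMZ side
]


def run_samples():
    """Evaluate every constructed sample packet and return the decisions."""
    return [ingress_decision(p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_samples()):
        print(f"{pkt.iface:9} {pkt.src:>14} -> {pkt.dst:<12} {verdict}")
```

The same check is what a firewall's interface-bound ingress rules express; writing it out as a function makes the invariant testable, which is useful when a rule set is reviewed as part of a compliance audit.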
2. Implementing Strict Access Control and Access Authentication Measures
Our user access provisioning follows the principle of least privilege, which entails that user access is granted strictly based on job function and only to the extent necessary to perform day-to-day activities. The Brankas access control system is configured to ensure access is based strictly on job classification, integrated with Single Sign-On authentication. Additionally, account passwords must meet strong password requirements, and multi-factor authentication is enforced. Data is protected with strong cryptography during transmission and at rest.
3. Maintaining and Developing Secure Systems and Applications
Security is an end-to-end concern throughout the software development process. As such, Brankas commits to secure coding practices, including preventing injection flaws such as SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF). We then implement a rigorous code-review process to identify any residual coding vulnerabilities not detected earlier, before release to production for use by customers.
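The three flaw classes named above are best understood side by side with their fixes. The block below is an added teaching example, not Brankas code: it uses an in-memory SQLite table with constructed rows to show a string-built query next to its parameterized form, the output encoding that neutralises a reflected XSS payload, and a constant-time comparison for a per-session CSRF token. The table name, column names and sample values are all constructed.

```python
"""SQL injection, XSS and CSRF: vulnerable pattern beside the hardened one."""
import hmac
import html
import secrets
import sqlite3


def setup_db():
    """Constructed in-memory table standing in for a cardholder record store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, owner TEXT, last4 TEXT)")
    conn.executemany(
        "INSERT INTO cards (owner, last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn, owner):
    """String concatenation: the input becomes part of the SQL grammar."""
    query = "SELECT owner, last4 FROM cards WHERE owner = '" + owner + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, owner):
    """Bound parameter: the driver passes the value separately, so it is only data."""
    return conn.execute(
        "SELECT owner, last4 FROM cards WHERE owner = ?", (owner,)
    ).fetchall()


def render_owner_cell(owner):
    """HTML-context output encoding: the fix for reflected XSS in a table cell."""
    return "<td>" + html.escape(owner, quote=True) + "</td>"


def issue_csrf_token():
    """Per-session random token, to be stored server-side and echoed in forms."""
    return secrets.token_urlsafe(32)


def csrf_token_valid(session_token, submitted_token):
    """Constant-time comparison of the stored token with the one submitted."""
    if not session_token or submitted_token is None:
        return False
    return hmac.compare_digest(session_token, submitted_token)


def demo():
    """Run both lookups against the same tautology input and return the counts."""
    conn = setup_db()
    tautology = "' OR '1'='1"  # textbook payload: turns the WHERE clause into always-true
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, tautology)),
        "parameterized_rows": len(lookup_parameterized(conn, tautology)),
        "honest_rows": len(lookup_parameterized(conn, "alice")),
        "rendered": render_owner_cell("<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point a reviewer looks for is structural: with the bound parameter the query text never changes, so no input can alter which rows are selected, and with output encoding the browser receives the payload as text rather than markup. The CSRF helper only covers the comparison step; the token still has to be tied to the authenticated session and checked on every state-changing request.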
4. Maintaining a Vulnerability Management Program
It is important to ensure that any attempt to exploit cardholder data is immediately addressed. We apply preventative measures to protect against malicious activity and to protect our systems against bugs and vulnerabilities. Our vulnerability management program makes use of periodic Approved Scanning Vendor (ASV) vulnerability scanning and of trusted sources to keep abreast of security vulnerability information. Brankas performs penetration testing periodically. Our policies ensure that any exploitable vulnerabilities found during vulnerability scanning and penetration testing are remediated immediately. Rescans are then carried out to confirm that the fixes for the identified findings are effective.
Our continuous commitment
Our PCI-DSS certification is an important moment for Open Finance in Southeast Asia, as we set the standard for the information security practices and compliance standards that Open Finance participants providing services throughout the region must follow. With this certification, Brankas continues its commitment to maintaining the security of card data as we move towards accelerating the implementation of open banking and open finance throughout the region.