Kuwait-based Gulf Bank has become the first bank in the country to receive the Payment Card Industry (PCI)-Data Security Standards (DSS) 3.0 certification.
PCI-DSS is the global industry standard for compliance and security for personal payment card data, to which vendors and businesses are required to conform by 1 January 2015.
The bank’s PCI-DSS 3.0 compliance was validated on 20 May 2014 after an audit conducted by SISA, a qualified security assessor from PCI Security Standards Council.
The bank met six different security parameters required to achieve the PCI-DSS 3.0 compliance, including building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing of networks, and maintaining an information security policy.
Gulf Bank head of ISS and PIO Himanshu Tewari said: "Gulf Bank’s attainment of PCI – DSS 3.0 compliance is in line with its client centric approach. For Gulf Bank getting PCI DSS certification is more than checking a box on an annual audit, it reflects the bank’s values to constantly operate with its clients’ best interest at heart, and protect and avoid misuse of customer data."