Commercial Bank becomes PCI-DSS certified

Thursday, 10 January 2019 01:33



  • Global Payment Security Specialist SISA deems bank’s payment systems and cardholder data to be secure

The Commercial Bank of Ceylon has obtained the prestigious Payment Card Industry Data Security Standard (PCI-DSS) certification from SISA Payment Security Specialists, the company that globally offers compliance and assurance on various payment standards.

The bank has been certified as compliant with PCI-DSS v3.2.1, which is applicable to any company that accepts, stores, processes or transmits cardholder data. The compliance helps the bank protect its payment systems from breaches and theft of cardholder data.

The certification was presented to the bank following an in-depth assessment by SISA, and after the bank was found to have met specific security standards in the industry inclusive of six goals, 12 requirements, and over 300 sub-requirements in the cardholder data environment.

“This is an extremely significant achievement, given our intensive focus on developing our credit card base, which is already the fastest growing in the country, as well as our continuing efforts to develop IT-enabled products and services to push the boundaries of anytime, anywhere banking,” Commercial Bank Managing Director S. Renganathan said.

SISA’s approach towards PCI compliance involves using a meticulously developed compliance validation structure and security monitoring tools.

After an initial assessment and scoping exercise to identify all the applications, system components and departments having access to cardholder information at the bank, a risk assessment was conducted to identify exposure points in the infrastructure. 

This was followed by a gap assessment to identify the gaps with respect to compliance specifications and remediation steps. After an interim review at this juncture of the process, the final audit was conducted on the bank’s systems, which resulted in it obtaining the PCI-DSS certification.

SISA Information Security Worldwide is a leader in the payments security space, with a presence in more than 35 countries and over 2,000 customers across the globe. It provides cutting-edge compliance services to a diverse client base that includes banks, ITES, insurance, e-commerce, payment service providers, telecommunications, airlines and retail companies.

A pioneer in a synergistic security framework that combines consulting, training, and products, SISA endeavours to create a secure payments infrastructure for its customers. Besides being a Qualified Security Assessor (QSA), the company is also an authorised assessor for various payments standards and is listed as a PCI QSA, PA QSA, PCI ASV, P2PE-QSA, PFI and VISA approved PCI PIN Security Assessor.

The only Sri Lankan bank to be ranked among the world’s top 1000 banks for eight years consecutively, Commercial Bank operates a network of 266 branches and 830 ATMs in Sri Lanka. 

The bank has won multiple international and local awards in 2016 and 2017 and 30 international and local awards in 2018.

Commercial Bank’s overseas operations encompass Bangladesh, where the bank operates 19 outlets; Myanmar, where it has a Representative Office in Yangon and a microfinance company in Nay Pyi Taw; and the Maldives, where the bank has a fully-fledged Tier I bank with a majority stake.
