menu Menu
Sedmi odjel sign

Monri-Payten PCI-DSS Case Study

Get in Touch
Amazon Advanced Consulting Partner

Monri-Payten PCI-DSS Case Study

Monri complies with PCI-DSS standards, enhances visibility of their environment and improves alerting and incident management.

Monri-Payten PCI-DSS Case Study

Intro

Our client, Monri d.o.o. - one of the leading payment service providers in Southeast Europe needed a redesign of their existing infrastructure solution.

With the upcoming PCI-DSS audit, they wanted to improve availability and security.

The client had the infrastructure inside a single data center in Zagreb. This represented challenges in terms of availability; if something happens inside this single data center, their service becomes unavailable.

To fully comply with rigorous PCI-DSS standard, we designed the solution with full environment isolation and full control over the traffic flow. We also implemented SIEM (Security Information Event Management) to improve the overview and visibility of the environment.

About The Client

Monri Payments d.o.o. was founded in 2003 under the name “Webteh d.o.o.” as one of the first payment providers in Southeast Europe.

Since 2019, Monri has been a part of the Payten/Asseco SEE Group.

The company develops advanced solutions for all types of payments, and they are the only omnichannel payment service provider in the region. Monri’s service provides a unique and connected payment experience in physical stores (SinglePOS), web stores (WebPay payment gateway) and the development of mobile payment applications (Android and iOS mobile SDK).

Monri is the first company outside the financial sector in Croatia that satisfied the PCI-DSS level 1 requirements.

The Problem

The client’s infrastructure was hosted inside a single data center in Zagreb. Having the infrastructure inside only one data center represents availability challenges - if something happens inside this single data center, their service becomes unavailable. So, the main problem is the lack of redundancy and failover.

The second issue was the alignment with the PCI-DSS standard. To fully comply with PCI-DSS, the client needed full isolation of the environment and full control over the traffic flow.

PCI-DSS Certification

Through the PCI-DSS certification process, auditors take time to understand the security aspects of the implemented solution and find possible security problems.

Our job is to explain why something works the way it works. If something is not done by the standard, we need to elaborate implemented solution and explain how the risk is mitigated. There should not be any potential security issues.

Security is the number one priority, while high availability comes as a second.

Solution

Redundancy, Failover, Disaster Recovery

The client’s infrastructure is now located in two data centers in Zagreb. Data centers are connected through a redundant private connection. They are configured as active-active - traffic can come inside any of the data centers. The client’s service is a so-called real-time service - it needs to be available 100% of the time. Because of this requirement, everything is redundant (internet links, firewall, application server, HSM equipment, databases) and distributed to both data centers. If one of the datacenters fails, the second one will fully take over - this way, we solve redundancy, failover and disaster recovery.

Security

Because of the PCI-DSS standard, the networking is fully closed and traffic flow is strictly controlled. The global security policy is to deny everything and allow only what is needed. All services are separated into security zones, each zone being a form of isolation.

SIEM

We implemented SIEM (Security Information Event Management); this solution helps clients have an overview of the whole environment. Logs from both data centers are collected into one centralized system. After collection, logs are analyzed and filtered through a set of rules - if something is not right, the responsible staff is notified or alerted. Security responsibility is shared between the client and Sedmi odjel. The client is responsible for application security, while Sedmi odjel is responsible for the infrastructure.

Results and Benefits

  • High availability system distributed to two datacenters
  • Compliance with PCI-DSS standard
  • Better overview and visibility of the environment
  • Better alerting and incident management
  • Better security and smarter firewalls

Next Steps

We successfully designed and implemented high availability solution with special concern for security. Our collaboration continues as we provide infrastructure as a service; we maintain the infrastructure, firewalls, networking, backups, and OS-es and respond to incidents or new requests that the client might have.About Sedmi odjel

Sedmi odjel is a company based in Croatia, focused on providing high-end IT services based on cloud technology. The company's strategy focuses on its own cloud solution called 'Hepta cloud' and Amazon AWS services.

With strong customer orientation, the company acts as a technology partner to its clients and provides a high level of expertise and knowledge in the domain of IT infrastructure solutions.

In 2018, the company joined Amazon Partner Network; since then, Sedmi odjel steadily built its current position as one of the leading AWS partners in the CEE region.

The company's services are provided in accordance with the leading IT management and IT security ISO certificates (ISO 20000, ISO27000, ISO27017).

Partners

Our main focus is to expand our partnership with AWS. Our cloud solution - "7o cloud" is built by implementing Veeam and VMware technologies, thus making these partnerships very important to us.

AWS Advanced Consulting Partner VMware Managed Services Provider Veeam Silver Cloud & Service Provider
About us

24x7 Premium Support

Our customer support is here to assist you with any issue that you might have.

24x7 - 365 days a year premium customer support by phone or e-mail, for customers that need constant monitoring.

Talk to Expert

Are you interested in our Monri-Payten PCI-DSS Case Study services? Schedule a talk with one of our experts!

Schedule a talk

Or contact us via e-mail: info@sedmiodjel.com

Talk to Expert

Schedule a talk with one of our cloud experts!




Privacy Agreement *
loading

Thank you!

Your message has been sent. We will contact you as soon as possible!

Ooooops!

Something is wrong. Your message is not sent. Please contact us directly on our info e-mail: info@sedmiodjel.com.

Using "Cookies"

We use cookies to make our websites reliable and secure and provide you with an enhanced user experience.
By continuing to use this site, you confirm that you agree to the use of "cookies". More information can be found by visiting Cookie policy.

I understand