Monri complies with PCI-DSS standards, enhances visibility of their environment and improves alerting and incident management.
Our client, Monri d.o.o., one of the leading payment service providers in Southeast Europe, needed a redesign of their existing infrastructure solution.
With the upcoming PCI-DSS audit, they wanted to improve availability and security.
The client had the infrastructure inside a single data center in Zagreb. This represented challenges in terms of availability; if something happens inside this single data center, their service becomes unavailable.
To fully comply with the rigorous PCI-DSS standard, we designed the solution with full environment isolation and full control over the traffic flow. We also implemented SIEM (Security Information and Event Management) to improve the overview and visibility of the environment.
Monri Payments d.o.o. was founded in 2003 under the name “Webteh d.o.o.” as one of the first payment providers in Southeast Europe.
Since 2019, Monri has been a part of the Payten/Asseco SEE Group.
The company develops advanced solutions for all types of payments, and they are the only omnichannel payment service provider in the region. Monri’s service provides a unique and connected payment experience in physical stores (SinglePOS), web stores (WebPay payment gateway) and the development of mobile payment applications (Android and iOS mobile SDK).
Monri is the first company outside the financial sector in Croatia that satisfied the PCI-DSS level 1 requirements.
The client’s infrastructure was hosted inside a single data center in Zagreb. Having the infrastructure inside only one data center represents availability challenges - if something happens inside this single data center, their service becomes unavailable. So, the main problem is the lack of redundancy and failover.
The second issue was the alignment with the PCI-DSS standard. To fully comply with PCI-DSS, the client needed full isolation of the environment and full control over the traffic flow.
Through the PCI-DSS certification process, auditors take time to understand the security aspects of the implemented solution and find possible security problems.
Our job is to explain why something works the way it works. If something is not done exactly as the standard prescribes, we need to elaborate on the implemented solution and explain how the risk is mitigated. There should not be any potential security issues left open.
Security is the number one priority, while high availability comes second.
The client’s infrastructure is now located in two data centers in Zagreb. The data centers are connected through a redundant private connection. They are configured as active-active - traffic can enter either data center. The client’s service is a so-called real-time service - it needs to be available 100% of the time. Because of this requirement, everything is redundant (internet links, firewalls, application servers, HSM equipment, databases) and distributed across both data centers. If one of the data centers fails, the second one fully takes over - this way, we solve redundancy, failover and disaster recovery.
Because of the PCI-DSS standard, the networking is fully closed and traffic flow is strictly controlled. The global security policy is to deny everything and allow only what is needed. All services are separated into security zones, each zone being a form of isolation.
We implemented SIEM (Security Information and Event Management); this solution gives the client an overview of the whole environment. Logs from both data centers are collected into one centralized system. After collection, the logs are analyzed and filtered through a set of rules - if something is not right, the responsible staff is notified or alerted. Security responsibility is shared between the client and Sedmi odjel. The client is responsible for application security, while Sedmi odjel is responsible for the infrastructure.
We successfully designed and implemented a high availability solution with special concern for security.
Our collaboration continues as we provide infrastructure as a service; we maintain the infrastructure, firewalls, networking, backups and operating systems, and respond to incidents or new requests that the client might have.
About Heptabit
Heptabit is a company based in Croatia, focused on providing high-end IT services based on cloud technology. The company's strategy focuses on its own cloud solution called 'Hepta cloud' and Amazon AWS services.
With strong customer orientation, the company acts as a technology partner to its clients and provides a high level of expertise and knowledge in the domain of IT infrastructure solutions.
In 2018, the company joined the Amazon Partner Network; since then, Heptabit has steadily built its current position as one of the leading AWS partners in the CEE region.
The company's services are provided in accordance with the leading IT management and IT security ISO certificates (ISO 20000, ISO 27000, ISO 27017).