Banco de Costa Rica (BCR) has become the first public bank in the country to achieve PCI DSS (Payment Card Industry Data Security Standard) certification. This recognition confirms that BCR maintains secure systems and networks for handling payment instruments, including their request, traceability, acquisition, delivery, and operation.
The certification was awarded during a ceremony on February 18, attended by representatives from GM Sectec—the auditing firm—VISA as a strategic partner in the process, and the Central Bank of Costa Rica (BCCR). The event marked the conclusion of a comprehensive review and audit conducted over recent months.
Julio César Trejos, General Manager of Banco de Costa Rica, stated: “El BCR está altamente comprometido con ofrecer a sus clientes experiencias diferenciadoras y seguras; para nosotros su confianza es clave y por eso asumimos el reto de realizar este proceso de certificación que concluye con un reconocimiento internacional de gran renombre.”
With this certification, BCR demonstrates compliance with high security standards in several areas: protection of cardholder data, vulnerability management programs, ongoing malware defenses and antivirus updates, strong access controls for client data, and an information security policy across its conglomerate.
President of GM Sectec commented: “Felicidades por este logro para el Banco de Costa Rica. Como empresa auditora sabemos que este camino no es fácil y el BCR ha hecho un trabajo excepcional. PCI DSS es un tema de todos los dÃas y la protección del ecosistema de medios de pago es algo que se han tomado muy enserio. La confianza que le están ofreciendo a sus clientes es invaluable.”
The certification brings multiple benefits. It increases trust among card brands regarding the bank’s operations. Clients can be confident using payment methods managed within a secure transaction environment. The achievement strengthens BCR’s culture of security, reduces risks and fraud related to payment instruments, and supports business continuity strategies.
Sissy GarcÃa Arias, Senior Executive Account Manager at Visa said: “Esta certificación pone al BCR al frente de otras entidades financieras en el paÃs, al convertirse en el primer Banco público en obtener este reconocimiento. En VISA estamos muy orgullosos de tenernos como socios estratégicos en productos tan simbólicos y de tanta relevancia a nivel de Latinoamérica.”
PCI DSS standards apply to any organization involved in storing, processing or transmitting cardholder data or sensitive authentication information through cards or similar devices such as bracelets or wallets. Developed by major card brands—including VISA and Mastercard—the standards provide technical and operational requirements that institutions must meet to protect cardholder data.
The PCI Security Standards Council (PCI SSC), founded in 2006 by VISA, Mastercard, American Express, Discover JCB—and now supported by about 800 participating organizations—oversees these regulations. Maintaining PCI DSS certification requires continuous processes with regular reviews and recertifications. This ongoing commitment signals BCR’s dedication to safeguarding customer payment methods.
