GOST 57580.2-2018 is a regulatory document that has taken a central place in information security issues for the financial sector. It is developed based on the requirements of the Bank of Russia and acts as a mandatory tool for assessing the compliance of information security in credit and non-credit financial organizations, including participants in the national payment system. In contrast to the more general approach to information security, GOST 57580.2-2018 offers strictly structured methods for ensuring information security, focused on the realities of the Russian regulated market.
Simply put, if a company handles banking transactions, transfers or independently stores sensitive financial data, personal information of customers, or participates in payment transactions, it falls within the scope of this standard. In particular, it covers the protection of transactional information, the implementation of organizational and technical measures to ensure information security, as well as the requirements for the registration of the results of the assessment of compliance with protection.
GOST 57580.2-2018 is aimed not just at creating a "boxed" information security policy, but at ensuring the security of financial banking operations using methods approved by the Central Bank. This standard differs from ISO 27001 in extreme specifics: clearly structured requirements, deadlines, evaluation methodology and documentation procedures. If ISO 27001 provides a space for adaptation, then GOST 57580.2-2018 establishes specific stages, attributes of information security control and maintenance in practice.
Ignoring the requirements of the standard means consciously entering the risk zone:
In an environment where the information security of a financial institution directly affects the ability to conduct business, compliance with GOST 57580.2-2018 is no longer perceived as a voluntary recommendation. This is an obligation that, if violated, would jeopardize the entire business model. This is especially true for FinTech companies, MFIs, digital payment solution services, CRM system vendors, and customer data aggregators. All of them have become part of an ecosystem for which the requirements of ensuring compliance with the Bank of Russia regulations are implemented and applied.
The scope of GOST 57580.2-2018 applies not only to traditional banks and insurance companies. The regulations of the Bank of Russia list all entities that are required to implement protection measures according to this standard. These are:
Contractors of financial organizations also fall under the standard if they process or gain access to financial information in any way. This includes users' personal data, transaction information, customer behavior patterns, and interaction history. This means that in the absence of direct regulation, the requirements of the standard can be applied within the framework of contracts and compliance assessment processes for the protection of information of a financial institution by a contractor.
Borderline cases most often relate to:
If your activity is in any way related to the participants of the system, which are credit institutions, or your platform interacts with the payment system, GOST 57580.2-2018 applies to you. Increasingly, the requirements of the conformity assessment methodology extend further than the direct jurisdiction of Roskomnadzor or the Bank of Russia through contracts, partnership agreements, and marketplace requirements.
GOST 57580.2-2018 was developed as a tool for assessing the compliance of information security in the financial sector, based on both organizational and technical measures. Its structure is focused on checking vector directions, the results of which are reports, regulations, system settings and action logs. The key feature is the measurability of each security measure.
The main sections that are considered first when checking:
All these measures are controllable. For example, in the case of access control, not just a login / password is required, but the registration of an access control policy, inspection reports, documents based on the results of audits and excalibration. GOST 57580.2-2018 sets out the requirements for the methodology of registration of results, that is, each step must be documented according to the templates recognized by the supervisory authorities.
The document does not allow for formalism. Example: it is not enough to implement antivirus software. It is necessary to prove the security controls, the regularity of updates, and the response to a real incident. Conducting tests, completing documents, and having signed protocols are all taken into account when assessing the compliance of information security with a financial institution.
In addition to the initial implementation, the resilience to long-term operation is checked: an audit of information security systems shows how well the organization copes with maintaining the implemented measures. Violations of access history, lack of log analytics, and ignoring surveillance system updates are very often detected. Therefore, compliance with GOST 57580.2-2018 is not a moment, it is a process that must be accompanied by a competent methodology for evaluating and maintaining verifiable results.
Our practice shows that not a single check passes "according to the principle of familiar places." Compliance assessment is carried out according to formalized checklists approved by the regulator, and contains a list of mandatory organizational and technical measures and procedures for the security of financial banking transactions. This is not an abstraction, but a specific operational control system that we help implement and maintain on a turnkey basis.
The implementation of GOST 57580.2-2018 is not just about creating a set of documents or installing software solutions. This is a complex process of forming an information security system in a financial institution that meets the requirements of the regulator. By working with us, you get a partner who not only knows the methodology of ensuring compliance, but also understands the real logic of inspections, takes into account the practice of the Bank of Russia and the technical nuances of the client's infrastructure.
The implementation proceeds in stages:
What allows us to ensure compliance with GOST 57580.2-2018 faster and deeper than other integrators:
The consequences of ignoring the requirements of GOST 57580.2-2018 are not limited to internal failures or formal comments. They affect key processes of interaction with financial institutions, access to banking products and payment infrastructure.
The Bank of Russia uses a formalized information security compliance assessment scheme in organizations that process personal and transactional data. Inspections are carried out on a planned and unscheduled basis, at the request of customers, according to reviews from partner banks, as well as in case of technological failures or leaks. During the verification, the following are requested:
In case of inconsistencies, the Bank of Russia issues regulations, imposes administrative measures, including temporary suspension of operations, restrictions on functionality, and a ban on connecting new customers. This is becoming especially sensitive for fintechs, IT ecosystems, and service developers: the emergence of doubts about the reliability of data protection dramatically reduces the willingness of banks to provide settlement and acquiring services.
Fines are not the main problem. Much more critical are:
Based on the results of the analysis of typical violations, it can be seen that most of the problems are related to the lack of documented monitoring procedures, a formal approach to testing, outdated journals, and discrepancies between the described policies and actual practice. All this can be done, but only with a systematic approach to the implementation of the requirements established by regulations and compliance with standards for the assessment and registration of evidence.
Many companies, especially with international participation, have already been certified according to ISO 27001 and believe that this is enough. But in the case of the Russian financial sector, the GOST 57580.2-2018 standard is a separate and mandatory requirement, fundamentally different in content and logic of building control mechanisms.
ISO 27001 is a universal framework that allows you to organize an information security management system. It is valuable as the basis of the information security environment, applicable to different countries, industries and situations. GOST 57580.2-2018 is a target standard developed with an emphasis on the practice of regulation in the Russian Federation, including the requirements for assessing the compliance of information security of a financial organization and automated settlement and payment systems.
Organizations that limit themselves to ISO often find themselves unprepared for the requirements of logging, event tracing, or the level of detail of technical measures. We help to synchronize both standards. If you have already implemented ISO 27001, we do not "reset" the existing structure, but integrate GOST 57580.2-2018 within the existing information security system. This allows you to minimize duplication of efforts and build a coordinated approach to information protection that meets both international and national requirements.
Attempts to implement GOST 57580.2-2018 on their own often end in problems, not because specialists are not competent enough, but because the features of the standard itself are ignored: the depth of requirements, rigor in recording results, and a high level of detail in organizational and technical measures. At this stage, the difference between GOST 57580.2-2018 and the general recommendations on information security is particularly noticeable.
The most common mistakes in self-implementation:
As a result of self-implementation, there are often no:
We don't just fix these errors, we fix them systematically. Due to the accumulated experience, methodological developments, and dozens of successfully defended cases on information security compliance assessment, we are building a structure for meeting the requirements of GOST 57580.2-2018 so that it can withstand real verification. Not just for show, but so that each step conforms to the standard, the logic of the inspectors, and industry risks and is documented.
Our key difference is that we focus not on formal implementation, but on actual compliance with the requirements, assessment methodology, and verification practices. Our methodology takes into account not only the current regulatory framework, but also future changes. We build information protection "for growth":
What our clients receive:
We do not offer a "universal solution". Each project is unique. But we know how to achieve one result: your compliance with GOST 57580.2-2018 will be recognized, verified and protected.
Need to make a payment quickly? In your personal account, you can instantly issue an invoice for payment in any of the cryptocurrencies offered by the service for the required amount. After the customer pays the bill, the funds will be credited to your account within a few minutes.
After paying the client`s bill, the daily messages will be published on your website within a few minutes.
System requirements:
- WordPress version - from 3.8
- WooCommerce version - from 2.0
- PHP version - from 7.0
Installation:
1. The contents of the archive should be placed in the WordPress plugins folder (by default - {site root}/wp-content/plugins/)
2. Go to the site admin section (/wp-admin/) and activate the "WooCommerce - Wallex" plugin
3. Go to the section "WooCommerce" - "Settings" - "Checkout"
4. At the bottom of the page, in the "Payment gateways" section, click the "Settings" button opposite "Wallex Payments"
5. Enter your seller's details.
System requirements:
- OpenCart version - from 3.0
- PHP version - from 7.0
Installation:
1. Copy the admin and catalog folders to the root of the site
2. Go to the admin panel of the site
3. Select the menu "Add-ons" -> "Payment"
* The SEO URL (human-readable URL) must be configured for each language separately
10. Add the received link (https://my-site/response) to your Wallex account: "My Store" -> "Settings" -> "Successful redirection"
Received link (https://my-site/response)
System requirements:
- Joomla version - from 3.0
- Virtuemart version - from 3.0
- PHP version - from 7.0
Installation:
1. To install the payment acceptance module, you must download the archive from your Wallex account.
2. Install via the module installer in the admin panel (Extensions -> Extension Manager -> Download package file, etc.)
3. In the module management menu, activate the plugin (Extensions -> Extension Manager -> Management)
4. Then go to the Virtuemart admin page and go to: Components -> Virtuemart -> Payment Methods -> Add a payment method
5. Fill in the first tab and click "Save"
6. Go to the "Configuration" tab (Settings)
7. Fill in the fields and click "Save" (for further configuration, remember the value of the cid[] parameter from the address bar)
Set up links in your Wallex account - My Store - Settings:
1. Successful URL - https://joomla.retailcrm.club/index.php/compomemt/com_virtuemart
2. Callback - https://joomla.retailcrm.club/index.php?option=com_virtuemart&view=pluginresponse&task=pluginnotification&tmpl=component&pm=X (insert the value from step 8 instead of X at the end)
3. Unsuccessful - https://joomla.retailcrm.club/index.php?option=com_virtuemart&view=pluginresponse&task=pluginUserPaymentCancel&pm=X (insert the value from step 8 instead of X at the end)
System requirements:
- Drupal version - from 7.x
- Commerce version - from 1.15
- PHP version - from 7.1 - 7.4
Installation:
Unpack the archive to "{your_site}/admin/modules/install".
Log in to the admin panel and install -> "COMMERCE (PAYMENT) WALLEX". Click Save.
Set up the WALLEX payment gateway.
Enter the data from your personal account.
The Drupal payment gateway from WALLEX allows you to automate the process of accepting payments from electronic wallets and any bank cards.
System requirements:
- PHP version - from 7.2
Installation:
The contents of the repository should be placed in the root directory of the site.
After that, you need to:
- Go to the administrative part of the online store.
- Go to the "Payment Systems" page ("Store" -> "Store Settings" -> "Payment systems")
- Click on the "Add payment system" button
- Fill in the general information about the payment system.
- Go to the appropriate tab ("Individuals" or "Legal entities") and fill in all the necessary information
- Make the payment system active and click "Save"
- Enter the links from the list below in the seller's settings.
Callback URL: http://your domain/bitrix/tools/wallex_result.php
Successful redirection: http://your domain/personal/orders/
Cancel redirection: http://your domain/bitrix/tools/wallex_fail.php
After your company has passed moderation, you can start receiving funds using the payment form. The link to the payment form is available in the company information and has the format https://wallex.zone/widget/{id}, where {id} is the numeric identifier of your seller. For the form to open and work correctly, send the client the URL with the set of parameters described below in the request. The best way is to send the parameters in a POST request, using JavaScript or a hidden form. The form also works if the parameters are simply sent by the GET method, but this method is not considered safe.
Description of payment form parameters
client - client's email address
product - Purpose of payment or product name
price - The price for one unit multiplied by 100 (if the price is 110.55 euros, this value will be 11055)
quantity - Quantity, if greater than 1, then the final amount will be equal to quantity*price
currency - Cryptocurrency code for payment (for example, usdt)
fiat_currency - The code of the fiat currency (rub, kzt, try) for payment, by default - rub
uuid - A unique payment number in our system. If you don't use identifiers, just set a random value in this parameter
language - Transaction language, by default - ru
message - A short message to the user will be sent by email when paying
description - A brief description of the service, will be shown in the payment form
card_number - The card number of the payee (Used only for acquiring), the field is optional
sign - A digital signature of the data: a SHA-1 hash string of the concatenation of all request parameters and your SECRET KEY:
sha1(client+product+price+quantity+currency+fiat_currency+uuid+language+message+description+card_number+SecretKey)
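// Build the payment link: the parameters are URL-encoded, then base64-encoded into "data".
$link = 'https://wallex.zone/widget/69?data=' . base64_encode(http_build_query([
    'client' => 'test@test.ru',
    'product' => 'product',
    'price' => 300 * 100, // price in hundredths of the fiat currency unit
    'quantity' => 1,
    'currency' => 'usdt',
    'fiat_currency' => 'rub',
    'uuid' => '1234qqqq',
    'language' => 'ru',
    'description' => 'test',
    // message and card_number are not sent here, so they add nothing to the signed string
    'sign' => sha1('test@test.ru' . 'product' . (300 * 100) . '1' . 'usdt' . 'rub' . '1234qqqq' . 'ru' . 'test' . 'SECRET KEY'),
]));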
As soon as the funds are credited to your account, our system sends a POST request to the specified URL callback link. The request contains the following set of parameters:
status - success for successful payment, fail for cancellation
client - client's email
currency - Payment currency
amount - Amount of funds transferred
uuid - the uuid that you sent when initializing the form
commission - payment service commission
product - Purpose of payment or product name
sign - A digital signature of the data: a SHA-1 hash string of the concatenation of all request parameters and your SECRET KEY:
sha1(status+client+currency+amount+uuid+commission+product+SecretKey)
To accept payments in cryptocurrency, the link parameters remain the same; the amount in the price parameter is transmitted in the currency specified in fiat_currency. Our system itself will recalculate the equivalent in the cryptocurrency passed in the currency parameter. At the moment, payments are accepted in ETHEREUM, BITCOIN and USDT (eth, btc, usdt).
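One way to check the callback signature described above in plain PHP, without the SDK. This is an added example, not Wallex's or the SDK's code; the function names, the $orders lookup and all sample values are constructed for illustration.

```php
<?php
// Added example: function names, the $orders store and sample values are assumptions.
// The field order is the callback formula given on this page.
const CALLBACK_FIELDS = ['status', 'client', 'currency', 'amount', 'uuid', 'commission', 'product'];

function callbackSignature(array $params, string $secretKey): string
{
    $data = '';
    foreach (CALLBACK_FIELDS as $field) {
        $data .= $params[$field];
    }
    return sha1($data . $secretKey);
}

// Returns null when the callback may be processed, otherwise the reason to reject it.
function checkCallback(array $post, string $secretKey, array $orders): ?string
{
    // $_POST values can be arrays (sign[]=...), so require plain strings first.
    foreach (array_merge(CALLBACK_FIELDS, ['sign']) as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return "missing or non-string field: $field";
        }
    }
    // hash_equals compares in constant time; == would leak timing and type-juggle.
    if (!hash_equals(callbackSignature($post, $secretKey), $post['sign'])) {
        return 'bad signature';
    }
    if (!isset($orders[$post['uuid']])) {
        return 'unknown uuid';
    }
    if ($orders[$post['uuid']]['paid']) {
        return 'already processed'; // replayed callback
    }
    return $post['status'] === 'success' ? null : 'payment not successful';
}

// Constructed sample data: one open order and a callback signed with a test secret.
$secret = 'constructed-secret';
$open   = ['1234qqqq' => ['paid' => false]];
$closed = ['1234qqqq' => ['paid' => true]];
$post   = [
    'status' => 'success', 'client' => 'test@test.ru', 'currency' => 'usdt',
    'amount' => '300', 'uuid' => '1234qqqq', 'commission' => '3', 'product' => 'product',
];
$post['sign'] = callbackSignature($post, $secret);

$cases = [
    'genuine callback' => [$post, $open],
    'tampered amount'  => [['amount' => '3000'] + $post, $open],
    'array-typed sign' => [['sign' => ['x']] + $post, $open],
    'replayed uuid'    => [$post, $closed],
];
foreach ($cases as $name => [$case, $orders]) {
    echo $name, ': ', checkCallback($case, $secret, $orders) ?? 'accepted', PHP_EOL;
}
```

Because the formula joins the fields without a separator, different field values can produce the same signed string, so the handler should look the order up by uuid and act on its own stored order data rather than on the callback fields alone.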
To create a payout, you need to send a request to the URL https://wallex.zone/payout/new containing a serialized json object in the body, with the following set of parameters:
composer require sq-dev/wallex-sdk

use Wallex\Widget;

// Merchant id and secret key from the Wallex account
$widget = new Widget(1, "secret_key");
$url = $widget->cretePayment(
    "client@mail.ru",
    "Xiaomi 9T",
    1000,
    1,
    "Hello thanks for order",
    "Xiaomi 9T",
    "USDT",
    "rub",
    "ru"
); // Returns payment url

use Wallex\Webhook;

$payment = new Webhook($_POST);
// Act on the callback only after its signature has been verified
if ($payment->isVerified("secret_key") && $payment->isSuccess()) {
    // Payment success logic
    // For example:
    $client = $payment->getClient(); // Get client email
    // Add the paid amount to the existing balance instead of overwriting it
    User::where("email", $client)
        ->increment("balance", $payment->getAmount());
}

use Wallex\Payout;

// $MerchantId, $SecretKey, $address, $amount and $currency are supplied by your application
$payout = new Payout($MerchantId, $SecretKey);
$payout->cryptoPay($address, $amount, $currency);