Ecommerce Security and PCI DSS compliance – Encouraging security awareness, Part 2


by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division

In part 1 last week, I discussed how businesses may be putting themselves at risk by assuming that ‘PCI DSS compliant’ also meant secure (for part 1, please click here).


Maybe what we should be doing is encouraging businesses to focus less on compliance as an annual ‘tick-box’ exercise and more on addressing risk and information security – that is confidentiality, integrity and availability – as the key factors to ensure they are resilient in the face of cyber threats, insider threats, natural disasters, service outages, etc.


Recent reports have shown that, despite the increased frequency of high-profile cyber-attacks and data breaches, such as the Sony cyber-attack and eBay data breach, many small and medium sized businesses (SMBs) don’t believe they are at risk, leaving themselves exposed to potential attacks and compromises due to lax or insufficient security measures.


A survey of over a thousand British SMBs conducted for the UK Government’s security initiative Cyber Streetwise found that:


“66 percent of SMBs said that they didn’t believe their business to be vulnerable, 16 percent said that improving their cyber security was a top priority for 2015, 22 percent said they ‘don’t know where to start’”



In the UK, the Cyber Streetwise initiative is providing a set of simple to understand resources and materials to tackle these numbers and to bolster the resilience of UK businesses in the face of existing and developing cyber threats.


Further, they are promoting the ‘Cyber Essentials’, not as a compliance standard but as a set of security requirements to be applied, with a ‘badge scheme’ allowing adopters to advertise to their customers, partners or clients that they take cyber security seriously.


In the US, guidance to help small businesses understand the threat and what they can do to address it is being produced by organisations such as the Small Business Administration and Department of Homeland Security. The Federal Communications Commission (FCC) has produced the FCC Small Biz Cyber Planner 2.0 to help small businesses create customised cybersecurity plans.




Payments industry – should support and promote

I believe leaders in the payments industry (the card schemes, the PCI SSC, the acquirers and others) should be supporting and promoting these and similar initiatives aimed at improving an organisation’s overall security posture, not just payment security.


Ultimately those entities that provide the backbone and services of the payments industry cannot themselves benefit and grow if the thousands of retailers that rely on them do not flourish and maximise their business potential.

Small Merchant Taskforce

The PCI SSC has recently launched a Small Merchant Taskforce in recognition that small merchants are particularly vulnerable to attack, usually have very limited resources and technical expertise at their disposal, and often lack the necessary tools, information and education to recover from and prevent such attacks.


The Taskforce aims to address these issues by developing resources to help them protect cardholder data and to resolve risks to their business.


We will cover the objectives of the PCI SSC Small Merchant Taskforce in a later blog post and give details of how you can benefit. Sysnet recognises the need for small businesses to build on the foundation of good security that is the PCI DSS, to understand the modern threat landscape and to become more resilient: able to react to, recover from and survive security incidents and attacks. 


Sysnet has built SafeMaker for that very purpose. It gives your merchants access to a range of both Sysnet and your own security products and services, aimed at helping them protect their business and maximise sales.


SafeMaker simplifies security for merchants by presenting them with only the solutions that are relevant to them.


  • Provide your merchants with access to a range of security-related products and services, a one-stop-shop for all their security and compliance needs.
  • Instantly present merchants with solutions to gaps or issues identified by the compliance process.
  • Reduce your risk: secure merchants with appropriate security solutions in place are a lower risk to your business.
  • Improve your merchant relationships by becoming a business partner.
  • Increase revenue through higher transaction volumes and revenue share.

Sysnet Risk & Assurance is available to assist small businesses with pragmatic solutions to help improve their security posture and meet compliance initiatives, including achievement of the Cyber Essentials badge.


For more information on SafeMaker and how Sysnet can help you support your merchants understand and address the cyber threat, email

