Smaller businesses need to be aware of cyber threats and take steps to avoid becoming the next victim
Uncategorized

Smaller businesses need to be aware of cyber threats and take steps to avoid becoming the next victim

Though there have been regular news stories of companies that have suffered data breaches, many smaller businesses are still failing to view cyber security as a major priority. Often the reasoning behind this is that they don’t believe that their business will be targeted due to its size, they think that they don’t have valuable […]

0 Shares
The global impact of China’s preference for mobile payments - Are your customers ready?
Articles, Uncategorized

The global impact of China’s preference for mobile payments – Are your customers ready?

The growth of mobile payments globally continues to pick up pace; however, it is China, to date, that has embraced it most quickly and readily as we previously reported in our article entitled: Is China leading the way forward with Mobile Payments? In 2016 the mobile payments market in China reached $5.5 trillion. In comparison, during […]

0 Shares
Outsourcing-customer-engagement-services-–-Key-criteria-that-a-payment-industry-organisation-should-look-out-for
Infographics, Uncategorized

Proactive Data Security – How to remove the PCI compliance burden from small businesses and make them secure

When it comes to compiling with PCI DSS, many small to medium merchants struggle to find the time or resources. As a result often they end up paying non-compliance fees which in turn leaves them vulnerable to security breaches. An alternative to this approach is to replace the non-compliance fee with compliance and security value-added […]

0 Shares
PSD2: Strong Customer Authentication What it means for you and your merchant customers
Articles, Uncategorized

PSD2: Strong Customer Authentication What it means for you and your merchant customers

By Natasja Bolton, Senior Acquirer Support QSA   Our article of February 2016, discussed upcoming EU requirements for Strong Customer Authentication (SCA).  At the time, the European Banking Authority (EBA) had not yet released the implementation requirements for SCA: the Regulatory Technical Standards (RTS).  Now, with the revised EU Payment Services Directive (PSD2) having come […]

0 Shares
Ask A QSA – Mobile attack rates, how can your business customers better secure their mcommerce channel?
Articles, Blog

Ask A QSA – Mobile attack rates, how can your business customers better secure their mcommerce channel?

By Judith Clark, QSA Consultant Ask a QSA recently received the following query from an acquirer and we felt that this may be of interest to our readers. Merchants had been asking their acquirer “how can we better secure our mcommerce channel?”   It’s a good question. Recent research has shown that mobile attack rates […]

0 Shares
Articles, Uncategorized, Videos

Proactive Data Security – take the PCI compliance burden away from small business and make them secure

Many smaller business owners simply don’t have the time or resources to comply with PCI. As a result, they often end up paying ongoing, non-compliance fees leaving them vulnerable to security breaches.   So what’s the solution? It’s simple, take the burden away from smaller merchants by providing them with a managed compliance and security […]

0 Shares
The evolution of the cybercriminal means small businesses need to adapt
Blog, Uncategorized

The evolution of the cybercriminal means small businesses need to adapt

We regularly hear news stories about large corporations being hit with fines and suffering significant costs due to data breaches.  Many small businesses believe themselves to be immune to this threat as they believe themselves to be “too small to be a target” or that they “don’t hold valuable data.” Sadly, this is no longer […]

0 Shares
Why small businesses need to take cyber security seriously
Blog, Fact Sheets, Uncategorized

Why small businesses need to take cyber security seriously

Continuing on with our series of articles that focuses on challenges that many smaller businesses have, in this paper we highlight the risks cyber security poses to small businesses. We discuss how company data can be monetised by cybercriminals, why small businesses are at risk and the real cost of ignoring cyber security issues. Share […]

0 Shares
GDPR - The changes and the steps businesses need to take
Articles, Uncategorized

GDPR – The changes and the steps businesses need to take

With the General Data Protection Regulation (GDPR) deadline scheduled to go live 25th May 2018, we thought that it was appropriate to have another look at the European directive that will have a global impact.   Though a legal requirement created by the EU, GDPR is applicable to personally identifiable information (PII) related to EU […]

0 Shares
Incorporating multi-factor authentication for non-console access
Blog, Uncategorized

Incorporating multi-factor authentication for non-console access

We previously wrote about the PCI DSS new controls that became mandatory and effective from 1st February 2018. In that article we highlighted the items that impacted merchants, some new controls that impacted only service providers and some that are common to both.   This article discusses what is the intent of this control, what […]

0 Shares
Addressing the growing risk from insecure third party remote access
Blog

Addressing the growing risk from insecure third party remote access

By Judith Clark, QSA Consultant In recent years, numerous security reports have identified an increasing trend for intrusions affecting Point of Sale (POS) environments to have involved insecure remote access from service providers and their networks.  As the ENISA points out, criminals are turning to network-based attacks against retailers’ POS infrastructure because attacks requiring physical […]

0 Shares
Basic-cyber-threats-explained
Blog, Infographics, Uncategorized

Basic cyber threats explained

Businesses, in particular small to medium ones, often do not consider that they could be targeted by cybercrime. Unfortunately, the reality is that many small to medium businesses are now very much being targeted by cyber-criminals. The vast majority of criminals are opportunists, meaning that they will look to take advantage of any businesses that are […]

0 Shares
Compliance with multiple standards: the short and long term benefits of using our Combined Assessment Model
Uncategorized

Compliance with multiple standards: the short and long term benefits of using our Combined Assessment Model

Compliance with multiple information security related standards and regulations can be challenging for organisations. However, by aligning all standards using our Combined Assessment Model, requirements, cost and complexity can be significantly reduced. In this infographic, we explore the short and long term benefits.    

0 Shares
Simple Cyber Security threats every small business owner should know about
Blog, Fact Sheets, Uncategorized

Simple cyber security threats every small business owner should know about

Cyber security is a wide-ranging term that can relate to a plethora of complicated issues that are far above the head of the average person. However, small businesses can take strides towards making themselves more secure by taking simple steps to secure their information by avoiding negligent security habits.   These small practices begin with […]

0 Shares
The TLS deadline is fast approaching. What it is & how we can help your customers be prepared
Blog, Uncategorized

The TLS deadline is fast approaching. We examine what it is and how we can help your customers be prepared

With the Payment Card Industry Security Standards Council (PCI SSC) 30th June 2018 deadline fast approaching, it’s important that your customers are prepared to migrate to a secure version of TLS .   Back in October of last year, Sysnet’s Natasja Bolton, Senior Acquirer Support QSA, highlighted the key factors as to what the TLS […]

0 Shares
Sysnet clients up for a hat trick of security awards at 2018 Card & Payments Awards
News, Uncategorized

Sysnet clients up for a hat trick of security awards at 2018 Card & Payments Awards

PCI DSS compliance clients shortlisted at UK and Ireland’s leading industry awards Dublin, Ireland. 29th January 2018. Sysnet Global Solutions, a leading provider of cyber security and compliance solutions to the payments industry, is delighted to announce that three of its clients – Elavon Merchant Services, Worldpay, and Lloyds Bank Cardnet – are all shortlisted […]

0 Shares
An-alternative-approach-to-non-compliance-fees
Blog, Infographics

An alternative approach to non-compliance fees

Despite various approaches that some acquirers take to try and engage with businesses when it comes to compliance programs, some merchants simply do not engage. The traditional approach of driving compliance via non-compliance fees unfortunately doesn’t always produce results and can also lead to a negative association with the brand of the acquirer in the eyes […]

0 Shares
The PCI DSS v3.2 requirements that become effective from February 2018
Blog, Uncategorized

The PCI DSS v3.2 requirements that become effective from February 2018

By Francis Kyereh, Information Security Consultant Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organisations accepting or processing payment transactions. The PCI DSS Version 3.2, containing nine new requirements […]

0 Shares
Understanding the scope for PCI DSS
Blog, Uncategorized, Whitepapers

Understanding the scope for PCI DSS

When undertaking any kind of PCI DSS assessment, whether it is a formal assessment or self-assessment questionnaire (SAQ), the most important thing is ensuring that the scope is correct. Without an understanding of the scope, systems may be overlooked and/or insufficient security controls applied. This may lead to a risk of data breach.   Conversely, […]

0 Shares
Uncategorized

Upcoming IATA 2018 deadline – Are your IATA travel agency customers prepared?

The IATA (International Air Transport Association) is requiring that all of their members achieve and maintain PCI DSS compliance as a condition of obtaining and retaining accreditation as an IATA Accredited Agent. A full accredited agent is a travel agent that sells airline tickets on behalf of IATA member airlines.   The deadline for compliance […]

0 Shares
5 cyber-predictions for 2018 (Part 1)
Blog, Uncategorized

5 cyber-predictions for 2018 (Part 1)

By Juliusz Idzik, Senior Information Security Consultant 2017 review During 2017 we witnessed some interesting but unnerving cyber campaigns that have forced many of us to rethink our security posture and whether our organisations are prepared to face sophisticated attacks. These campaigns use new, innovative tools that can pass traditional security mechanisms without any alert or […]

0 Shares
Contactless Cards: Protect your business customers from fraud/lost sales
Blog, Uncategorized

Contactless Cards: Protect your business customers from fraud/lost sales

By Judith Clark, QSA Consultant With 95% of credit cards in Canada supporting contactless, 165 million contactless cards across Europe and one out of three card payments being contactless in the UK; the total amount spent in the UK is estimated to be approximately £23 billion for the first six months of 2017. The popularity […]

0 Shares
Preparing your business for a data breach
Blog, Uncategorized

Preparing your business for a data breach

  By Mat Clarke, Information Security Analyst Whilst guarding against a security breach is often high on the agenda for businesses and security professionals alike, making preparations for the worst-case scenario actually occurring can easily be overlooked.   Unfortunately, as a number of recent high-profile security breaches have demonstrated, no set of defences is infallible […]

0 Shares
Migrating to a secure version of TLS and preparing for the June 2018 deadline
Blog, Uncategorized, Whitepapers

Migrating to a secure version of TLS and preparing for the June 2018 deadline

By David Morris, PCI Compliance Analyst Following on from Natasja Bolton’s article that highlighted the PCI Council June 30th deadline in relation to organisations not using Secure Sockets Layer (SSL) or early Transport Layer Security (TLS) as a security control, David Morris discusses the reasons for the requirement to migrate to a secure version of […]

0 Shares
Demystifying PCI DSS requirements: Penetration/segmentation testing
Blog

Demystifying PCI DSS requirements: Penetration/segmentation testing

By Mat Clarke, Information Security Analyst Introduction Testing the security of any network infrastructure and applications which are involved in the storing, processing or transmitting of cardholder data is often a key part of maintaining compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements.   Along with internal and external vulnerability scanning (only […]

0 Shares
PCI Council deadline - Are Your Customers Ready for 30 June 2018? 
Blog, Uncategorized

PCI Council deadline – Are Your Customers Ready for 30 June 2018? 

By Natasja Bolton, Senior Acquirer Support QSA Back in January 2016, we highlighted the PCI Council’s extension of the migration completion date for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher).  Now, with just 8 months to go until the migration date deadline, we’re here to ask: […]

0 Shares
Are your customers ready for 31 January 2018?
Blog, Uncategorized

Are your customers ready for 31 January 2018?

By Natasja Bolton, Senior Acquirer Support QSA In my last article, I discussed whether two-step authentication was ever acceptable to meet PCI DSS’s requirements for multi-factor authentication. In that article, we also noted that PCI DSS requirement 8.3.1 is currently a best practice which becomes a requirement after 31st January 2018.   It seems timely […]

0 Shares
The industry hasn’t done enough to help small business merchants with their security issues
Blog, Uncategorized

The industry hasn’t done enough to help small business merchants with their security issues

Sysnet CEO, Gabriel Moynagh, explains how acquiring organisations can make a real impact on small business security, by replacing revenue from PCI DSS penalties for non-compliance, with a managed service offering that boosts merchant security.   The PCI DSS was set up to help businesses process card payments securely and reduce fraud. Most acquirers will […]

0 Shares
Cybersecurity Strategy and Essentials
Articles

Cybersecurity Strategy and Essentials

Cybersecurity becomes even more complicated in the context of today’s threat landscape, which is not only constantly changing, but is also expanding at an increasingly fast rate. This is the most problematic element of Cybersecurity; its evolution is so fast and unpredictable while the nature of the risks involved are constantly changing.   Managing security […]

0 Shares
Why protecting your data often means thinking like a hacker
Blog, Uncategorized

Why protecting your data often means thinking like a hacker

by Peter Burgess, Senior Information Security Consultant Hackers are constantly looking for new ways to access an organisation’s data and sometimes they succeed. One of the more bizarre approaches recently was by using a fish tank. The hackers attempted to access and steal data from a North American casino by accessing a fish tank connected to the […]

0 Shares
The major consequences for a business that gets hacked
Uncategorized

The major consequences for a business that gets hacked

By Jeremy Lacy, Senior Cyber Security Consultant   Working as an information security professional, I often assist businesses with their cyber security. Though much of my work is focused around making sure that a business does not become a victim of cybercrime, I never really considered how credit card fraud could affect me on a personal […]

0 Shares
Is two-step authentication acceptable for PCI DSS Requirement 8.3?
Uncategorized

Is two-step authentication acceptable for PCI DSS Requirement 8.3?

by Natasja Bolton, Senior Acquirer Support QSA   In our May 2016 article on the changes brought in by PCI DSS v3.2, we discussed both the PCI Council’s amended terminology from Two-Factor Authentication to Multi-Factor Authentication (MFA) as well as the introduction of an additional MFA PCI DSS requirement: 8.3.1.   Since then, due to […]

0 Shares