By Natasja Bolton, Senior Acquirer Support QSA With the increase of malware and other malicious cyber security attacks that have had a global impact in the last few years, governments around the world have been trying to implement concrete safeguards through regulation. The goal of these regulations being to not only protect valuable infrastructure services […]
By Mat Clarke, Information Security Analyst Let’s face it, putting in place the plans and procedures necessary to support a forensic breach investigation isn’t a job which is likely to end in glory (in most cases, the best outcome is that you never have to use them). Nevertheless, it should be recognised that laying the […]
The PCI SSC has published a further update on the applicability and implementation of the SAQ A requirements to merchant web servers that redirect customers to a third party for payment processing. The SAQ A is applicable to merchant entities that have wholly outsourced their entire ecommerce website infrastructure to a PCI DSS compliant […]
Significant progress has been made in the US and European markets in terms of mobile payments, which we explored in our previous article, Mobile Payments – Have they met expectations? In that article Natasja Bolton examined whether mobile payments had been gaining acceptance in the market place with consumers and businesses alike. She established that […]
July 24th, 2017. Sysnet Global Solutions, a leading provider of cyber security and compliance solutions to the payments industry, today announced that it has appointed Jeremy Coram as SVP Business Development, North America. Jeremy will be responsible for identifying and strategically assessing mutually beneficial opportunities within the cyber security space, for Sysnet and its current […]
Larger organisations that deal directly with an acquirer do not have the guidance of an online portal and often rely on the PCI council in relation to SAQ selection as well as advice provided by a third party service provider. In order to address these difficulties with ecommerce SAQ selection we have […]
Many businesses are often unaware that ensuring their payment terminals are part of a Point-to-Point Encryption (P2PE) Solution can carry considerable benefits when it comes to simplifying their PCI DSS compliance. As we discovered here at Sysnet, the reason why many businesses are not aware of P2PE and its benefits is that they often find […]
Defining, documenting and publishing clear guidelines on how data is managed is one of the most important steps in addressing risk of any business. Though the Payment Card Industry Data Security Standard (PCI DSS) can seem confusing, one of the main benefits is that it will protect payment card data, which is not only essential […]
Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. […]
Recent reports have shown that, despite the increase of high-profile cyber-attacks and data breaches, such as the Sony cyber-attack and eBay data breach, many small and medium sized businesses (SMBs) don’t believe they are at risk. Unfortunately this is not the case and in fact, by having weak or insufficient security measures, many businesses are exposing themselves to […]
As our lives and businesses become more digitised and reliant on computers of various shapes and sizes, from smartphones to laptops and tablets, it’s become essential to protect these devices. Here are five tips to ensure that your computer, whatever it may be, is secure and safe. 1. Update If your operating system or […]
Some businesses will spend large amounts of time as well as money on encryption software and firewalls but then neglect the physical security of their business. Physical security is often overlooked and the impact of a physical breach can be the same as a computer breach. One of the most common occurrences during a […]
When a data breach is reported in the media, more often than not it’s the well-known large companies that make the headlines. In reality cybercriminals are more successful in attacking smaller businesses. The reason for this is that smaller businesses often have fewer resources and as a result are less likely to have the latest […]
Information security, otherwise known as infosec, is a series of strategies to manage and prevent unauthorised access to, as well as use of, physical and digital information. This also includes any modification, destruction or disruption to information. Common threats to information security are identity theft, theft of intellectual property, theft or sabotage of […]
Sensitive information is data that is required to be protected from being accessed by unauthorised parties. This is done to safeguard the security and the privacy of an individual or organisation. The three main types of sensitive information that exist are: personal information, business information and classified information. Personal Information Personal information is […]
With regular reports of cybercriminals stealing credit card data and other sensitive information it’s essential to protect your ecommerce website. A breach will not only cost a business in major fines but it will also affect customer trust. Therefore it’s imperative to know how to protect your ebusiness and your customer data. The following are a few […]
by Natasja Bolton, Senior Acquirer Support QSA The UK Cards Association’s 2017 report on UK Card Payments, released on 19th June 2017, reported a doubling of debit and credit card purchases in the last 10 years. The volume of card transactions reached 16.4 billion in 2016, an increase of 146% from 2006, even though the […]
Biometrics has largely been hailed as the future of consumer identification, authentication, and confirmation of transactions. Though in South Africa, Mastercard has been trialling a chip and PIN bankcard that includes a fingerprint reader, to date the technology has largely not appeared in Point of Sale (POS) devices or in more traditional payment areas. […]
An account data compromise is when cardholder information has been obtained by an unauthorised person who intends to commit fraud. The opportunity can occur when businesses or designated third parties store cardholder data incorrectly in an unencrypted format. Common ways that fraud can occur include theft from the premises of a business, physically or electronically, […]
Increasingly, over the last few years, criminals are specifically looking to gain access to consumers’ identity data and not just their payment data. The main reason for this is that with consumer identity data there are few limits to the fraudulent purposes the data can be used for, which makes it much more desirable. […]
Social engineering, the act of psychologically manipulating a person to divulge confidential information or to carry out actions, is becoming more commonplace. Recently Indian police raided call centres and made arrests in which a large scale scam took place where the employees impersonated US Internal Revenue Service and other federal officials, demanding payments […]
by Natasja Bolton, Senior Acquirer Support QSA At the release of the PCI Scoping Guidance back in December 2016, the PCI Council highlighted the fact that “data breach investigation reports continue to find that companies suffering compromises were unaware that cardholder data was present on their compromised systems”. Why is that? Well, often […]
May 17th 2017. Today, Sysnet Global Solutions, a leading provider of cyber security and compliance solutions to the payments industry, announced that it has partnered with Elavon Merchant Services to develop Secured Pro; a managed PCI compliance validation and cyber security service that offers enhanced protection against fraud and payment security breaches. “A new […]
The recent global ransomware attack, referred to as ‘WannaCry’, that resulted in over 45,000 attacks and infected major companies, hospitals and other government institutions, unfortunately caught many off guard. WannaCry targeted computers running Windows operating systems that had not been updated with a security update released by Microsoft in March 2017, as well as […]
By Peter Burgess, PCI-QSA, CISSP, CISM (Ret), CIPT US based travel industry company Sabre Hospitality Solutions, which provides SaaS (Software as a Service) to more than 36,000 properties, has alerted hotels that a hacker has apparently breached its SynXis Central Reservations application SynXis Enterprise Platform and may have stolen payment card data and customer personal […]
By Paul Prior, Senior Vice President Client Engagement As recently reported (BBC, CNBC), Mastercard have just released a payment card with an in-built fingerprint sensor. There is no question that the introduction of EMV has had a significant impact on driving down card-present fraud and while fingerprint scanners are not foolproof this type of biometric authentication […]
April 27th, 2017, Dublin, Ireland. Patrick Condren, Chief Information Officer at Sysnet Global Solutions, was recently acknowledged in the publication Business & Finance as part of the magazine's CIO 100 edition. The CIO 100 recognises the top 100 chief information officers who are the key contributors to formulating organisational goals. As mentioned in the article, […]
Requirement 11.2.2 of the Payment Card Industry Data Security Standard, otherwise known as the ASV scanning requirement, affects a significant number of businesses. These businesses need to engage an Approved Scanning Vendor (ASV) to run external vulnerability scans quarterly. It can be difficult for these companies to understand what ASV external vulnerability scanning is, […]
By Natasja Bolton, Senior Acquirer Support QSA Mobile Payments, a broad term covering consumer and merchant-initiated mobile payment methods, have been gaining acceptance in the market place; however, have these methods achieved broad acceptance with consumers and businesses alike? In our article ‘State of Pay – have mobile payments reached a turning point?’ we […]
Most businesses have to comply with multiple information security related standards and regulations. In our experience the average is 3. These can include but are not limited to PCI DSS, GDPR, ISO 2700, Sarbanes Oxley, HIPAA, Cyber Essentials, POPI and even audits by clients.
The EU’s General Data Protection Regulation, or GDPR for short, will come into force across all EU Member States from 25th May 2018. GDPR will affect the processing and movement of the personal data of approximately 500 million citizens.
Online commerce has created incredible new opportunities for businesses to market and sell services globally. Many businesses, in particular small to medium ones, often do not consider that they could be targeted by cyber crime. The reality, unfortunately, is that small to medium businesses are now very much being targeted by cyber criminals as many are […]
March 29th, 2017, Dublin, Ireland / Cape Town, South Africa. Sysnet Global Solutions, a leading provider of cyber security and compliance solutions, today launched its Combined Assessment Model at the PCI Security Standards Council’s Middle East and Africa Forum in Cape Town, South Africa. Sysnet’s Combined Assessment Model (CAM) is a single assessment model that covers […]
On March 9th 2017, we officially launched our new US Customer Contact Centre in Atlanta, Georgia. Both Commissioner Pat Wilson of the Georgia Department of Economic Development and Gabriel Moynagh, CEO at Sysnet cut the ribbon to officially launch the opening of the new centre. The launch proved to be a great success and was attended […]
End-to-End Encryption (E2EE) and Point-To-Point Encryption (P2PE) are the two main ways that payment card data is protected when a transaction is made at a Point-of-Sale (POS) terminal. Both encryption methods have their pros and cons, however what those differences are and understanding the impact on a business of choosing one over the other can […]
March 9th, 2017, Dublin, Ireland / Atlanta, Georgia. Today, Commissioner Pat Wilson of the Georgia Department of Economic Development officially opened Sysnet’s new customer contact centre located at 1001 Perimeter Summit Boulevard. Sysnet Global Solutions is a leading provider of cyber security and compliance solutions to the payments industry. The new centre will provide services […]
In May last year, in advance of the introduction of the PCI DSS v3.2 SAQs (Self-Assessment Questionnaires) we created a downloadable fact sheet to explain in detail the impact of the updated Standard on the SAQ types.
In December, Visa published a Security Alert warning of an increasing fraud threat, as the U.S. EMV migration continues, from “criminals placing skimming devices on or in attended and unattended point-of-sale (POS) devices for the purpose of collecting payment card information, including PIN numbers”.
Information Security is complex. Understanding risk and implementing appropriate mitigating controls, be they technical or otherwise, is a challenge for organisations of any size. There is no getting away from that, but witchcraft?
With its expanded content, fully revised diagrams of the e-commerce implementation methods and inclusion of case studies, the 2017 guidance is a useful reference for merchants and service providers alike.