Introduction The Payment Card Industry Data Security Standard (PCI DSS), while undoubtedly benefitting both merchants and payment card holders, places significant demands on the resources of many acquirers. Most people involved in risk and compliance within the payments industry recognise these benefits; nevertheless running a merchant PCI DSS compliance management programme can be a […]
Mastercard has set a deadline for acquiring organisations to manage risk in their Level 4 Merchant portfolio. Mastercard’s updated Site Data Protection (SDP) Program rules expect PCI DSS compliance validation from your high-risk merchants. Mastercard requires all acquirers to have a Level 4 risk management programme in place to meet the updated SDP requirements. […]
by Natasja Bolton, Managing Information Security Consultant. [Published on 22/01/2020] EU Payment Services Directive (PSD2) & Strong Customer Authentication The revised EU Payment Services Directive (PSD2) is an update to the original 2007 Payment Services Directive (PSD) which created a single market for payments in the European Union (EU). Since 2007, new services offered […]
by Natasja Bolton, QSA, CISSP [17.34, 10/01/2019] Becoming a Level 2 or Level 1 merchant Most businesses, that accept branded cards for purchase of goods or services (merchant businesses) today, are already familiar with the annual process of accessing their acquiring bank’s compliance management portal to self-assess their compliance with the Payment Card Industry […]
by Michael Hopewell, Managing Information Security Consultant. Introduction Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]
In previous articles we have provided guidance on how organisations can protect themselves from ransomware and make sure they are prepared should they be hit by ransomware. Ransomware attacks are a successful and highly profitable criminal business model and, as we predicted in early 2017, ransomware attacks have continued to proliferate. Ransomware is a […]
Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud. In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]
Lots of Internet-connected devices are available on the market and a popular theme now is devices to create a ‘smart home’, which includes smart door locks, surveillance/security cameras and heating control systems that can be monitored and controlled when you are away from the home. This ability to remotely connect to and integrate devices […]
The 25th of May has come and gone. While many organisations were proactive in their preparations for aligning themselves with the GDPR, sadly many of your customers may still be the dark about the GDPR and what it means for them. The effects of the GDPR are coming, but should they still be worried? […]
On the 17th May 2018, the PCI SSC published the latest version of the PCI Data Security Standard: the PCI DSS v3.2.1. In this article we look at the changes that have been included in the updated Standard. These are also discussed in the PCI SSC’s summary of changes document. A new standard? This […]
Over the last few months, the PCI SSC has published a set of documents to establish a new program for the specification, testing, evaluation and PCI SSC listing of Software-based PIN entry on Commercial Off The Shelf devices (COTS) Solutions. Solutions also known as SPoC. The PCI DSS developed this new PCI Security Standard […]
‘PIN on Glass’ is a catchy phrase that the payments industry and solution vendors have been bandying about as the next big thing for payment card processing: point of sale solutions that will allow merchants to accept card payments using just their mobile device and with no need to purchase expensive hardware. This is […]
JUMP TO THE INFOGRAPHICS RELATED TO THIS BLOG POST >>> We see and hear many articles in the media about data breaches and talk of millions of records being stolen by faceless cybercriminals. But once this data is stolen and obtained by the individual or criminal organisation, what do they do with […]
Though 2018 hasn’t reached half way, the number of data breaches thus far in the US through to March 27th has seen more than 250 data breaches, with more than 5.4 million records exposed. In comparison to last year there has been a decline of 36% during the same period of time which saw 392 […]
The growth of mobile payments globally continues to pick up pace; however, it is China, to date, that has embraced it most quickly and readily as we previously reported in our article entitled: Is China leading the way forward with Mobile Payments? In 2016 the mobile payments market in China reached $5.5 trillion. In comparison, during […]
By Judith Clark, QSA Consultant Ask a QSA recently received the following query from an acquirer and we felt that this may be of interest to our readers. Merchants had been asking their acquirer “how can we better secure our mcommerce channel?” It’s a good question. Recent research has shown that mobile attack rates […]
Many smaller business owners simply don’t have the time or resources to comply with PCI. As a result, they often end up paying ongoing, non-compliance fees leaving them vulnerable to security breaches. So what’s the solution? It’s simple, take the burden away from smaller merchants by providing them with a managed compliance and security […]
With the General Data Protection Regulation (GDPR) deadline scheduled to go live 25th May 2018, we thought that it was appropriate to have another look at the European directive that will have a global impact. Though a legal requirement created by the EU, GDPR is applicable to personally identifiable information (PII) related to EU […]
Cybersecurity becomes even more complicated in the context of today’s threat landscape, which is not only constantly changing, but is also expanding at an increasingly fast rate. This is the most problematic element of Cybersecurity; its evolution is so fast and unpredictable while the nature of the risks involved are constantly changing. Managing security […]
With the major holiday season just around the corner, many retail businesses are gearing up for the shopping frenzy to commence. Increasingly customers are turning to online shopping to avoid queues and to bag a bargain. Therefore it is essential that online retailers are prepared to service the high customer demand. Unfortunately for retailers, […]
By Paul Prior, Senior Vice President Client Engagement In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]
Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. In the […]
We recently reported that Sysnet’s Natasja Bolton, Senior Acquirer Support had contributed to the development of new payment resources to help small merchants and their banks defend against cybercrime. In this follow-up article we asked Natasja to elaborate further on what her role entailed and how she contributed to the development of this new vital […]
Sysnet is pleased to announce that we are now a Qualified Integrator and Reseller (QIR) provider. The PCI Security Standards Council accreditation, allows qualified companies to implement, configure, and/or support validated PA-DSS Payment Applications on behalf of merchants or service providers for the purposes of performing Qualified Installations as part of the QIR Programme. […]
By Jason McWhirr, Information Security Consultant It will come as no surprise that the Report on Compliance (RoC) template has also been updated as part of the roll out of Payment Card Industry Data Security Standard (PCI DSS) version 3.2. For those not so familiar with the template, it applies to all level 1 […]
By Natasja Bolton, Senior Acquirer Support Businesses like the iFrame method as it allows them to entirely outsource the capture and processing of cardholder data. The data is outsourced to a validated Payment Card Industry Data Security Standard (PCI DSS) compliant Payment Service Provider (PSP). From a consumer perspective it offers a streamlined checkout […]
Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016. By Laura Johnson, Director of Communications, PCI Security Standards Council Following publication of PCI Data […]
By Natasja Bolton, Senior Acquirer Support The Prioritised Approach for PCI DSS, has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offers a risk-based, incremental approach to PCI DSS compliance. It defines six security milestones […]
By Natasja Bolton, Senior Acquirer Support In 2015 use of the 20 year old SSL security protocol for encryption of sensitive data in transmission was deprecated (in PCI DSS v3.1) to encourage ecommerce businesses to migrate to TLS (Transport Layer Security). In 2016, further technology changes are underway that will impact those of your customers […]
‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too? […]
The updated 3.2 Payment Application Data Security Standard (PA-DSS) is scheduled to be released tomorrow, June 1st, 2016 by the PCI Council. In this article we examine what the main impacts of the update are. The new version of PA-DSS comes into effect from 1st June 2016 and version 3.1 is retired on 31st […]
By Natasja Bolton, Senior Acquirer Support SAQ A v3.2 has introduced a number of changes to the self-assessment that will impact your customers that have chosen to outsource the handling and processing of cardholder data to external third party providers. Although the fundamental expectation of SAQ A has not changed (that all payment […]
Natasja Bolton, Senior Acquirer Support, investigates We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]
By Jason McWhirr, Information Security Consultant The likelihood that your customers will experience a data breach at some stage is unfortunately now a fact of life. It’s not if it will happen, it’s when will it happen? In the previous article, Ransomware – Did you update your incident response plan? we discussed how […]
In a previous article we provided a quick guide to PCI DSS v3.2 to assist you with navigating the updated standard, if you haven’t read it yet we encourage you to do so. In this follow-up article, we examine what are the impacts that v3.2 brings to the various SAQ types. The impact on […]
By Natasja Bolton, Senior Acquirer Support In order to assist you with navigating the updated standard we’ve prepared the following easy to reference Guide to PCI DSS v3.2. For a more in-depth review of PCI V3.2 we recommend reading the article PCI DSS v3.2 – What’s changed. Guide to PCI DSS v3.2 Key Dates […]
by Dr. Grigorios Fragkos, VP Cybersecurity At the beginning of 2016 we warned our readers about the increasing threat of ransomware and provided advice on having an incident response plan that is ready to face this emerging threat. Our article focused on tips related to prevention, response and evading extortion. If you did not have […]
“[Unfamiliar acronyms] create false economies. They may save a few words, but they may also frustrate and force the reader to take more time and effort to understand the document.” U.S. Securities and Exchange Commission, Plain English Handbook. Most sectors have their own industry jargon and acronyms, familiar to those working within the industry […]
By Natasja Bolton, Senior Acquirer Support Face to face card payment transactions generate two receipts – the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy which will usually show the full PAN. Businesses are well aware that they must retain their merchant copy receipts in […]
By Jason McWhirr, Information Security Consultant It is commonplace for organisations to ask consumers to provide Personally Identifiable Information (PII) to prove identity, strengthen authentication mechanisms, and speed-up payments. Most organisations will have an identity profile of each of their consumers that incorporates PII data. This includes common fields such as; address, date of […]
