Articles, Blog

Creating a successful merchant PCI DSS compliance management programme

Introduction The Payment Card Industry Data Security Standard (PCI DSS), while undoubtedly benefitting both merchants and payment card holders, places significant demands on the resources of many acquirers. Most people involved in risk and compliance within the payments industry recognise these benefits; nevertheless, running a merchant PCI DSS compliance management programme can be a […]

Articles, Blog

What is it that makes a Level 4 Merchant High-risk?

Mastercard has set a deadline for acquiring organisations to manage risk in their Level 4 Merchant portfolio. Mastercard’s updated Site Data Protection (SDP) Program rules expect PCI DSS compliance validation from your high-risk merchants. Mastercard requires all acquirers to have a Level 4 risk management programme in place to meet the updated SDP requirements. […]

Articles, Blog

EU Payment Services Directive 2017 (PSD2) & Strong Customer Authentication

by Natasja Bolton, Managing Information Security Consultant. [Published on 11/12/2018] PSD2 came into effect in January 2018, to be followed by the security measures and SCA requirements of the Regulatory Technical Standards (RTS) in September 2019. • Aims: – Address the growth of online remote payment fraud; – Stimulate innovation and competition in […]

Articles, Blog

Merchant PCI DSS compliance validation – what it means to be a Level 2 or Level 1 merchant

by Natasja Bolton, QSA, CISSP [17.34, 10/01/2019] Becoming a Level 2 or Level 1 merchant Most businesses that accept branded cards for the purchase of goods or services (merchant businesses) are today already familiar with the annual process of accessing their acquiring bank’s compliance management portal to self-assess their compliance with the Payment Card Industry […]

Articles, Blog, Cyber Risk

What you need to know about Point to Point Encryption (P2PE)

by Michael Hopewell, Managing Information Security Consultant. Introduction Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]

Articles, Blog

Business Email Compromise Attacks and How to Protect Your Business!

In previous articles we have provided guidance on how organisations can protect themselves from ransomware and make sure they are prepared should they be hit by ransomware. Ransomware attacks are a successful and highly profitable criminal business model and, as we predicted in early 2017, ransomware attacks have continued to proliferate. Ransomware is a […]

Articles, Blog

Maintaining Your Compliance with the PCI DSS – All Year Round

Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud. In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]

Articles, Blog

PCI DSS and the Internet of Things (IoT)

Lots of Internet-connected devices are available on the market and a popular theme now is devices to create a ‘smart home’, which includes smart door locks, surveillance/security cameras and heating control systems that can be monitored and controlled when you are away from the home. This ability to remotely connect to and integrate devices […]

Articles, Blog, Uncategorized

New PCI SSC Program for Software-based PIN entry on COTS Solutions

Over the last few months, the PCI SSC has published a set of documents to establish a new program for the specification, testing, evaluation and PCI SSC listing of Software-based PIN entry on Commercial Off The Shelf (COTS) devices solutions, also known as SPoC. The PCI SSC developed this new PCI Security Standard […]

Articles, Uncategorized

The global impact of China’s preference for mobile payments – Are your customers ready?

The growth of mobile payments globally continues to pick up pace; however, it is China, to date, that has embraced it most quickly and readily as we previously reported in our article entitled: Is China leading the way forward with Mobile Payments? In 2016 the mobile payments market in China reached $5.5 trillion. In comparison, during […]

Articles, Uncategorized

PSD2: Strong Customer Authentication What it means for you and your merchant customers

By Natasja Bolton, Senior Acquirer Support QSA Our article of February 2016 discussed upcoming EU requirements for Strong Customer Authentication (SCA). At the time, the European Banking Authority (EBA) had not yet released the implementation requirements for SCA: the Regulatory Technical Standards (RTS). Now, with the revised EU Payment Services Directive (PSD2) having come […]

Articles, Blog

Ask A QSA – Mobile attack rates, how can your business customers better secure their mcommerce channel?

By Judith Clark, QSA Consultant. Ask a QSA recently received the following query from an acquirer and we felt that this may be of interest to our readers. Merchants had been asking their acquirer “how can we better secure our mcommerce channel?” It’s a good question. Recent research has shown that mobile attack rates […]

Articles, Uncategorized, Videos

Proactive Data Security – take the PCI compliance burden away from small business and make them secure

Many smaller business owners simply don’t have the time or resources to comply with PCI. As a result, they often end up paying ongoing non-compliance fees, leaving them vulnerable to security breaches. So what’s the solution? It’s simple: take the burden away from smaller merchants by providing them with a managed compliance and security […]

Articles, Uncategorized

GDPR – The changes and the steps businesses need to take

With the General Data Protection Regulation (GDPR) deadline scheduled to go live 25th May 2018, we thought that it was appropriate to have another look at the European directive that will have a global impact. Though a legal requirement created by the EU, GDPR is applicable to personally identifiable information (PII) related to EU […]

Articles

Cybersecurity Strategy and Essentials

Cybersecurity becomes even more complicated in the context of today’s threat landscape, which is not only constantly changing, but is also expanding at an increasingly fast rate. This is the most problematic element of cybersecurity: its evolution is fast and unpredictable, while the nature of the risks involved is constantly changing. Managing security […]

Articles, Blog, Uncategorized

Cybercrime – Ensuring your retail customers are safe during the holidays

With the major holiday season just around the corner, many retail businesses are gearing up for the shopping frenzy to commence. Increasingly, customers are turning to online shopping to avoid queues and to bag a bargain. Therefore, it is essential that online retailers are prepared to service the high customer demand. Unfortunately for retailers, […]

Articles, Blog, Uncategorized

In light of the upcoming US presidential election

By Paul Prior, Senior Vice President Client Engagement. In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]

Articles, Blog, Uncategorised, Videos

Protecting card reading devices – 6 suggestions for your customers

Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper with or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. In the […]

Articles, Blog, Uncategorised

Sysnet’s Natasja Bolton discusses involvement in Small Merchant Taskforce

We recently reported that Sysnet’s Natasja Bolton, Senior Acquirer Support, had contributed to the development of new payment resources to help small merchants and their banks defend against cybercrime. In this follow-up article we asked Natasja to elaborate further on what her role entailed and how she contributed to the development of this new vital […]

Articles, Blog, Uncategorised

Sysnet is now a PCI approved Qualified Integrator and Reseller (QIR)

Sysnet is pleased to announce that we are now a Qualified Integrator and Reseller (QIR) provider. The PCI Security Standards Council accreditation allows qualified companies to implement, configure, and/or support validated PA-DSS Payment Applications on behalf of merchants or service providers for the purposes of performing Qualified Installations as part of the QIR Programme. […]

Articles, Blog, Uncategorised

One more nail in the coffin for iFrames?

By Natasja Bolton, Senior Acquirer Support. Businesses like the iFrame method as it allows them to entirely outsource the capture and processing of cardholder data. The data is outsourced to a validated Payment Card Industry Data Security Standard (PCI DSS) compliant Payment Service Provider (PSP). From a consumer perspective it offers a streamlined checkout […]

Articles

In conversation with the PCI Security Standards Council – Adopting PCI DSS 3.2, multi-factor authentication

Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016. By Laura Johnson, Director of Communications, PCI Security Standards Council. Following publication of PCI Data […]

Articles, Blog, Uncategorised

Updated – Prioritised Approach for version 3.2

By Natasja Bolton, Senior Acquirer Support. The Prioritised Approach for PCI DSS has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offer a risk-based, incremental approach to PCI DSS compliance. It defines six security milestones […]

Articles, Blog

SHA-1 certificates – what your ecommerce customers need to know

By Natasja Bolton, Senior Acquirer Support. In 2015, use of the 20-year-old SSL security protocol for encryption of sensitive data in transmission was deprecated (in PCI DSS v3.1) to encourage ecommerce businesses to migrate to TLS (Transport Layer Security). In 2016, further technology changes are underway that will impact those of your customers […]

Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA Natasja Bolton stepped up to the challenge. One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider; can we accept that AOC as covering their merchant compliance too? […]

Articles, Blog, Uncategorised

Are your customers aware of the new SAQ A requirements?

By Natasja Bolton, Senior Acquirer Support. SAQ A v3.2 has introduced a number of changes to the self-assessment that will impact your customers that have chosen to outsource the handling and processing of cardholder data to external third-party providers. Although the fundamental expectation of SAQ A has not changed (that all payment […]

Articles, Blog

Why P2PE Solution Validation is not as hard as you may think

Natasja Bolton, Senior Acquirer Support, investigates. We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]

Articles

Unauthorised Wireless Access Points – Steps to ensure that your customers are secure

By Jason McWhirr, Information Security Consultant. The likelihood that your customers will experience a data breach at some stage is unfortunately now a fact of life. It’s not a matter of if it will happen, but when. In the previous article, Ransomware – Did you update your incident response plan?, we discussed how […]

Articles

Ransomware – Did you update your incident response plan?

by Dr. Grigorios Fragkos, VP Cybersecurity. At the beginning of 2016 we warned our readers about the increasing threat of ransomware and provided advice on having an incident response plan that is ready to face this emerging threat. Our article focused on tips related to prevention, response and evading extortion. If you did not have […]

Articles, Blog

Keep the compliance jargon to a minimum

“[Unfamiliar acronyms] create false economies. They may save a few words, but they may also frustrate and force the reader to take more time and effort to understand the document.” U.S. Securities and Exchange Commission, Plain English Handbook. Most sectors have their own industry jargon and acronyms, familiar to those working within the industry […]

Articles, Blog

Merchant Receipts: Are your customers storing more payment card data than they need?

By Natasja Bolton, Senior Acquirer Support. Face-to-face card payment transactions generate two receipts: the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy, which will usually show the full PAN. Businesses are well aware that they must retain their merchant copy receipts in […]
