By Natasja Bolton, Senior Acquirer Support Face to face card payment transactions generate two receipts – the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy which will usually show the full PAN. Businesses are well aware that they must retain their merchant copy receipts in […]
By Jason McWhirr, Information Security Consultant It is commonplace for organisations to ask consumers to provide Personally Identifiable Information (PII) to prove identity, strengthen authentication mechanisms, and speed-up payments. Most organisations will have an identity profile of each of their consumers that incorporates PII data. This includes common fields such as; address, date of […]
In a previous article entitled ‘Solving the tribal knowledge problem’ we discussed the challenge that many organisations have where a customer is being managed by a small team or an individual and the sharing of knowledge to other team members does not happen outside of that circle. In the following article we examine how PCI […]
The updated PCI DSS version 3.2 is scheduled to be released at the end of April, in our previous post entitled ‘Council announce PCI DSS V3.2 update’ we looked at what was potentially making an appearance in the update. In this follow-up article, we examine the planned features to the new update that were presented by […]
‘Ask a QSA’ has received a number of queries recently, the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]
By Natasja Bolton, Acquirer Support Manager The primary objectives (or attributes) of security (whether that be ‘information security’ or more recently ‘cyber security’) are encompassed in the CIA triad: Confidentiality, Integrity and Availability which are defined as: Confidentiality: ensuring that information is accessible only to those authorised to have access Integrity: ensuring the accuracy and […]
Reaching out to a customer once is often not enough, it can take a little bit of encouragement. Ensuring your strategy includes follow-up communications will help you to build your relationships with your customers. They will also feel that they will have support from you as and when they need it. Understanding what is […]
By Natasja Bolton, Acquirer Support Manager Back in late October 2015, we reported how some SMB’s were stating that the “EMV transition is overwhelming”. Fast forward nearly 5 months, the question arising is: how successful has the EMV roll out been so far? From a consumer perspective, the roll out has seen an estimated […]
In our experience we have found that the devil is in the detail when it comes to successfully engaging customers with a multichannel campaign. Changes or alterations that could easily be viewed as minor can often dramatically improve engagement rates. In the following infographic ‘Boost Your Campaign Engagement’ we examine the details that can […]
by Dr. Grigorios Fragkos, VP Cybersecurity Building a Security Operations Centre (SOC) is undoubtedly the best move you can make towards protecting not only your organisation’s data, systems and services, but also any sensitive information about your clients that you handle or store. This article is a brief overview of the task of building […]
The threat landscape over the last few months has changed considerably, vulnerabilities such as POODLE severely undermined what were considered to be strong cryptographic protocols. Though it’s been less than a year since the last version of the Payment Card Industry Data Security Standard (PCI DSS) was released, the PCI Security Standards Council have […]
‘Ask a QSA’ received a number of queries recently, however the below question is something that we believe will resonate with quite a few of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. Does Payment Application Data Security Standard (PA-DSS) apply to payment applications provided as ‘Software as a Service’? […]
The concept of a connected workplace or even a virtual work space is certainly not a new one, and with cloud-based technology advancing at an increasingly fast pace, it is getting easier to get closer to this concept. However, in the case where a customer is being managed by a small team, or even […]
by Dr. Grigorios Fragkos, VP Cybersecurity Back in August 2015, Sysnet discussed the complexity of what the term CyberSecurity represents, especially in the context of today’s threat landscape. This complexity is not only constantly increasing but it is also expanding at an exponential rate. The risks involved demand constant attention and very good understanding of […]
By Natasja Bolton, Acquirer Support Manager In our December Ecommerce article we discussed the European Banking Authority’s (EBA) new guidelines for the security of internet payments and the possibility that, with the need to enhance protection of consumers against online payment fraud, presenting Payment Service Provider (PSP) hosted payment pages in iFrames may no longer be acceptable. […]
Increasing and maintaining PCI DSS compliance can be a challenge, many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit, understanding when to implement which channel and at what stage […]
Managing your database of customers across all PCI DSS levels can be challenging and may involve multiple spreadsheets, documents and email accounts scattered across your business. Engaging your relationship managed customers and guiding them through their PCI DSS journey can be complicated and challenging to keep track of. Sysnet’s VIP Manager addresses these issues […]
Just in the the US alone, there are approximately 28 million SMBs many of which struggle with keeping their business safe from cybercriminals, they often lack the knowledge, resources and budget to implement a suitable cybersecurity plan. Given the sheer volume of SMBs within the majority of acquiring portfolios, the security of these customers can have a large […]
By Natasja Bolton, Acquirer Support Manager It’s suspected that several of the large retail chains that suffered major data breaches in the past few years were running 14 year old software Windows XP Embedded SP3, a Windows XP operating system version that is used by retailers of all sizes in their Point-of-Sale (POS) systems, and […]
Over the past number of years the merchant aggregator model has become more and more popular to the point where it might even be considered commonplace. These enterprises that essentially bring together a fragmented marketplace, funnel and process multiple merchant transactions through a single account. Well-known merchant aggregator brands such as Paypal, Checkout by […]
By Patrick Condren, Ph.D., Chief Information Officer “You cannot solve a problem by using the same thinking that created it”, Albert Einstein. If you want to get disruptive, you will have to think differently. Is disruption good? What is disruptive thinking? Essentially it is the kind of ideas and thinking that disrupt the status […]
By Natasja Bolton, Acquirer Support Manager Although PCI DSS is a prescriptive set of requirements focussed on payment card data and most cyber-security guides do not go to the same level of detail, being high-level recommendations and advice without specific measures of the achievement of the risk reduction objective, the Cyber Essentials Scheme does cover a […]
by Dr. Grigorios Fragkos, VP Cybersecurity Ransomware, a malware that prevents or in some cases limits users from accessing their data has been on the rise. Last year, 2015 saw a considerable increase with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. […]
by Dr. Grigorios Fragkos, VP Cybersecurity The Cyber Liability Insurance Cover (CLIC) or otherwise referred to as cyber insurance, is a market that grew significantly in 2015. One of the main factors that significantly contributed to this growth is the constant increase of threats in the cyber space and more specifically the high profile data breaches that […]
by Jason McWhirr, Information Security Consultant One of the most important (and underused) first steps for any business or service provider when undertaking PCI DSS is to understand how cardholder data is used within their organisation, its people, departments, and systems. Without first knowing this, it is impossible to know which parts of their organisation […]
Every engagement with a client provides an opportunity for you to strengthen your relationship with them. By ensuring that each contact makes them feel that they have a strong business partner that they can trust, rely on, and build their business with, you are fueling their loyalty and strengthening your customer relationship. Conversely, each […]
Challenges of change Rolling out a new service or product to all, or a significant portion of, your customers can be challenging. However despite the collective headaches that it can cause, most organisations realise that it is often necessity to do so in order to stay competitive. It’s not enough to just have a […]
By Natasja Bolton, Acquirer Support Manager As we discussed in the Ecommerce SAQ Selection guide, business seeking to minimise their PCI DSS compliance obligations for their ecommerce payment channel often outsource all capture and processing of payment card data to validated PCI DSS compliant payment service providers (PSPs). The most common method of doing […]
By Patrick Condren, Ph.D., Chief Information Officer The interesting thing about data is, if we get huge amounts of information (aka: Big Data) the precision of the data declines, but the probability of the data increases. Big Data, for example, is like the tweets about the NY Yankees and the Facebook data (and other sources) […]
by Dr. Grigorios Fragkos, VP Cybersecurity Billions of people are now using smartphones, even in the most remote areas of the planet. Global adoption of these new mobile technologies opens up the discussion for more advanced methods of identification, authentication, and verification, especially when it comes to protecting against fraud, identity theft and financial crime. […]
There’s no doubt about it, attrition costs and it’s certainly not an easy pill to swallow. In the U.S. acquirers suffer on average attrition rates of 22% and at the high end it can even reach 36%. The cost of attrition to the industry is substantial, in fact some reports have stated that on […]
Many factors can impact the effective delivery of a PCI programme for acquirers, processors and ISOs. From how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Download our Best Practice Guide where we take a look at how an omni-channel approach can improve customer […]
by Natasja Bolton, Acquirer Support Manager Business customers engage with all manner of third party service providers to support their business, whether that be IT support providers, data centres, offsite storage providers, hosting providers or payment processors. What is not always understood is that outsourcing a business operation or buying in a service […]
by Dr. Grigorios Fragkos, VP Cybersecurity Online shopping, especially during the holiday period, is a massively important trading platform for many businesses. For online retailers their ability to service high customer demand and ensure the availability of their website throughout this period is crucial to their success. The shopping frenzy has already started, with […]
by Natasja Bolton, Acquirer Support Manager Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods. For many merchants […]
Global data breach and security threat reports continue to highlight that all organisations both large and small may be subject to cyber attacks. As Forbes pointed out in a recent article, in 2014 “60 percent of all targeted attacks struck small- and medium-sized organizations”. In previous blog entries, we discussed that these smaller organisations […]
by Dr. Grigorios Fragkos, VP Cybersecurity In this article we will see how cybercriminals combine attack tactics in order to infiltrate businesses. All staff in an organisation, including the CEO and the board of directors, need to be not only aware of the emerging threats currently been seen in the wild, but also be cyber-aware […]
by Patrick Condren Ph.D. CIO at Sysnet Global Solutions Bet the headline got your attention, maybe even raised your blood pressure a bit! This is a blog that I thought would NEVER need writing, maybe 20 years ago, but not today. Not in our times. From old movies, folklore and old books, we have all heard […]
In our experience, getting merchants compliant is not unlike carrying out a sales campaign, it can sometimes take quite a few calls to successfully engage merchants in the process. Studies show that 80 Percent of successful sales require five follow-up calls. Though it seldom takes that many calls to get merchants compliant, sometimes a […]
Outsourcing makes sense and is widely practiced by many organisations for all sorts of business processes. However, within the payments industry, one area where outsourcing is not so readily embraced is that of merchant contact services and with good reason. One of the primary disadvantages of outsourcing this service is the lack of customer focus. […]
