Merchant Receipts: Are your customers storing more payment card data than they need?
Articles, Blog

Merchant Receipts: Are your customers storing more payment card data than they need?

By Natasja Bolton, Senior Acquirer Support   Face to face card payment transactions generate two receipts – the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy which will usually show the full PAN.   Businesses are well aware that they must retain their merchant copy receipts in […]

0 Shares
Criminals aren’t just after payments data, they want a consumer’s identity
Articles, Blog

Criminals aren’t just after payments data, they want a consumer’s identity

By Jason McWhirr, Information Security Consultant It is commonplace for organisations to ask consumers to provide Personally Identifiable Information (PII) to prove identity, strengthen authentication mechanisms, and speed-up payments. Most organisations will have an identity profile of each of their consumers that incorporates PII data.   This includes common fields such as; address, date of […]

0 Shares
Ask a QSA
Articles

Ask a QSA

‘Ask a QSA’ has received a number of queries recently, the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]

0 Shares
How PCI DSS builds layers of protection
Articles, Blog, Cyber Risk

How PCI DSS builds layers of protection

By Natasja Bolton, Acquirer Support Manager The primary objectives (or attributes) of security (whether that be ‘information security’ or more recently ‘cyber security’) are encompassed in the CIA triad: Confidentiality, Integrity and Availability which are defined as: Confidentiality: ensuring that information is accessible only to those authorised to have access Integrity: ensuring the accuracy and […]

0 Shares
Articles

Increasing customer compliance rates with a communication strategy

Reaching out to a customer once is often not enough, it can take a little bit of encouragement. Ensuring your strategy includes follow-up communications will help you to build your relationships with your customers. They will also feel that they will have support from you as and when they need it.   Understanding what is […]

0 Shares
It’s all in the details – successful campaign engagement
Articles, Blog, Infographics

It’s all in the details – successful campaign engagement

In our experience we have found that the devil is in the detail when it comes to successfully engaging customers with a multichannel campaign. Changes or alterations that could easily be viewed as minor can often dramatically improve engagement rates.   In the following infographic ‘Boost Your Campaign Engagement’ we examine the details that can […]

0 Shares
Council announce PCI DSS V3.2 update
Articles, Blog

Council announce PCI DSS V3.2 update

The threat landscape over the last few months has changed considerably, vulnerabilities such as POODLE severely undermined what were considered to be strong cryptographic protocols.   Though it’s been less than a year since the last version of the Payment Card Industry Data Security Standard (PCI DSS) was released, the PCI Security Standards Council have […]

0 Shares
Articles

Ask a QSA

‘Ask a QSA’ received a number of queries recently, however the below question is something that we believe will resonate with quite a few of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   Does Payment Application Data Security Standard (PA-DSS) apply to payment applications provided as ‘Software as a Service’?    […]

0 Shares
The rise of the (Chief) Data Protection Officer
Articles, Blog

The rise of the (Chief) Data Protection Officer

by Dr. Grigorios Fragkos, VP Cybersecurity Back in August 2015, Sysnet discussed the complexity of what the term CyberSecurity represents, especially in the context of today’s threat landscape. This complexity is not only constantly increasing but it is also expanding at an exponential rate. The risks involved demand constant attention and very good understanding of […]

0 Shares
New acquirer responsibilities - Strong customer authentication under forthcoming EU legislation
Articles, Blog

New acquirer responsibilities – Strong customer authentication under forthcoming EU legislation

By Natasja Bolton, Acquirer Support Manager In our December Ecommerce article we discussed the European Banking Authority’s (EBA) new guidelines for the security of internet payments and the possibility that, with the need to enhance protection of consumers against online payment fraud, presenting Payment Service Provider (PSP) hosted payment pages in iFrames may no longer be acceptable. […]

0 Shares
Choosing-the-right-communications-channel-to-drive-engagement
Articles, Blog, Infographics

Choosing the right communications channel to drive engagement

Increasing and maintaining PCI DSS compliance can be a challenge, many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit, understanding when to implement which channel and at what stage […]

0 Shares
Articles

Streamline VIP customer compliance management

Managing your database of customers across all PCI DSS levels can be challenging and may involve multiple spreadsheets, documents and email accounts scattered across your business. Engaging your relationship managed customers and guiding them through their PCI DSS journey can be complicated and challenging to keep track of.   Sysnet’s VIP Manager addresses these issues […]

0 Shares
Articles

SMB security a vital component of your overall security strategy

Just in the the US alone, there are approximately 28 million SMBs many of which struggle with keeping their business safe from cybercriminals, they often lack the knowledge, resources and budget to implement a suitable cybersecurity plan. Given the sheer volume of SMBs within the majority of acquiring portfolios, the security of these customers can have a large […]

0 Shares
Are your customers' POS systems exposed to risk?
Articles, Blog

Are your customers’ POS systems exposed to risk?

By Natasja Bolton, Acquirer Support Manager It’s suspected that several of the large retail chains that suffered major data breaches in the past few years were running 14 year old software Windows XP Embedded SP3, a Windows XP operating system version that is used by retailers of all sizes in their Point-of-Sale (POS) systems, and […]

0 Shares
Merchant aggregators – A risky prospect?
Articles, Blog

Merchant aggregators – A risky prospect?

Over the past number of years the merchant aggregator model has become more and more popular to the point where it might even be considered commonplace. These enterprises that essentially bring together a fragmented marketplace, funnel and process multiple merchant transactions through a single account.   Well-known merchant aggregator brands such as Paypal, Checkout by […]

0 Shares
Articles, Blog

Can Cyber Essentials help your clients towards PCI DSS compliance?

By Natasja Bolton, Acquirer Support Manager Although PCI DSS is a prescriptive set of requirements focussed on payment card data and most cyber-security guides do not go to the same level of detail, being high-level recommendations and advice without specific measures of the achievement of the risk reduction objective, the Cyber Essentials Scheme does cover a […]

0 Shares
Ransomware - Tips on prevention, response and evading extortion
Articles, Blog

Ransomware – Tips on prevention, response and evading extortion

by Dr. Grigorios Fragkos, VP Cybersecurity Ransomware, a malware that prevents or in some cases limits users from accessing their data has been on the rise. Last year, 2015 saw a considerable increase with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. […]

0 Shares
Why cyber insurance grew in popularity in 2015
Articles, Blog

Why cyber insurance grew in popularity in 2015

by Dr. Grigorios Fragkos, VP Cybersecurity The Cyber Liability Insurance Cover (CLIC) or otherwise referred to as cyber insurance, is a market that grew significantly in 2015. One of the main factors that significantly contributed to this growth is the constant increase of threats in the cyber space and more specifically the high profile data breaches that […]

0 Shares
Do your clients know their cardholder data environment?
Articles, Blog, Whitepapers

Do your clients know their cardholder data environment?

by Jason McWhirr, Information Security Consultant One of the most important (and underused) first steps for any business or service provider when undertaking PCI DSS is to understand how cardholder data is used within their organisation, its people, departments, and systems. Without first knowing this, it is impossible to know which parts of their organisation […]

0 Shares
Articles, Blog

Using data to build better relationships with your SMBs

Every engagement with a client provides an opportunity for you to strengthen your relationship with them. By ensuring that each contact makes them feel that they have a strong business partner that they can trust, rely on, and build their business with, you are fueling their loyalty and strengthening your customer relationship.   Conversely, each […]

0 Shares
The end of the road for Ecommerce iFrames?
Articles, Blog

The end of the road for Ecommerce iFrames?

By Natasja Bolton, Acquirer Support Manager As we discussed in the Ecommerce SAQ Selection guide, business seeking to minimise their PCI DSS compliance obligations for their ecommerce payment channel often outsource all capture and processing of payment card data to validated PCI DSS compliant payment service providers (PSPs).   The most common method of doing […]

0 Shares
Biometrics: the Future of Mobile Payments?
Articles

Biometrics: the Future of Mobile Payments?

by Dr. Grigorios Fragkos, VP Cybersecurity Billions of people are now using smartphones, even in the most remote areas of the planet. Global adoption of these new mobile technologies opens up the discussion for more advanced methods of identification, authentication, and verification, especially when it comes to protecting against fraud, identity theft and financial crime. […]

0 Shares
Customer engagement - driving compliance through customer engagement
Articles, Blog, Whitepapers

Customer engagement – driving compliance through customer engagement

Many factors can impact the effective delivery of a PCI programme for acquirers, processors and ISOs.  From how customers are engaging with their PCI programme to what channel and communications are compelling them to take action.   Download our Best Practice Guide where we take a look at how an omni-channel approach can improve customer […]

0 Shares
The Requirement for Service Provider PCI DSS Compliance
Articles, Blog

The Requirement for Service Provider PCI DSS Compliance

by Natasja Bolton, Acquirer Support Manager     Business customers engage with all manner of third party service providers to support their business, whether that be IT support providers, data centres, offsite storage providers, hosting providers or payment processors. What is not always understood is that outsourcing a business operation or buying in a service […]

0 Shares
Articles

Combating cybercrime during the holidays

by Dr. Grigorios Fragkos, VP Cybersecurity Online shopping, especially during the holiday period, is a massively important trading platform for many businesses. For online retailers their ability to service high customer demand and ensure the availability of their website throughout this period is crucial to their success.   The shopping frenzy has already started, with […]

0 Shares
A guide to ecommerce SAQs
Articles, Blog, Client Resources, Whitepapers

A guide to ecommerce SAQs

by Natasja Bolton, Acquirer Support Manager Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their  payment channels and payment processing methods.   For many merchants […]

0 Shares
Articles, Client Resources

Cyber Security Innovation Voucher Scheme to help SMBs

Global data breach and security threat reports continue to highlight that all organisations both large and small may be subject to cyber attacks.  As Forbes pointed out in a recent article, in 2014 “60 percent of all targeted attacks struck small- and medium-sized organizations”.   In previous blog entries, we discussed that these smaller organisations […]

0 Shares
Articles, Client Resources

The cyber threat in 2015 – A closer look

by Dr. Grigorios Fragkos, VP Cybersecurity In this article we will see how cybercriminals combine attack tactics in order to infiltrate businesses. All staff in an organisation, including the CEO and the board of directors, need to be not only aware of the emerging threats currently been seen in the wild, but also be cyber-aware […]

0 Shares
Articles, Client Resources

Closing the deal on compliance merchant support service

In our experience, getting merchants compliant is not unlike carrying out a sales campaign, it can sometimes take quite a few calls to successfully engage merchants in the process. Studies show that 80 Percent of successful sales require five follow-up calls.   Though it seldom takes that many calls to get merchants compliant, sometimes a […]

0 Shares
Articles, Client Resources

Outsourcing Customer Contact Services

Outsourcing makes sense and is widely practiced by many organisations for all sorts of business processes.  However, within the payments industry, one area where outsourcing is not so readily embraced is that of merchant contact services and with good reason. One of the primary disadvantages of outsourcing this service is the lack of customer focus.   […]

0 Shares