The recent global ransomware attack, referred to as ‘WannaCry’, that resulted in over 45,000 attacks and infected major companies, hospitals and other government institutions, unfortunately caught many off guard. WannaCry targeted computers running Windows operating systems that had not been updated with a security update released by Microsoft in March 2017, as well as computers […]
By Paul Prior, Senior Vice President Client Engagement As recently reported (BBC, CNBC), MasterCard have just released a payment card with an in-built fingerprint sensor. There is no question that the introduction of EMV has had a significant impact on driving down card-present fraud and while fingerprint scanners are not foolproof this type of biometric authentication […]
Requirement 11.2.2 of the Payment Card Industry Data Security Standard, otherwise known as the ASV scanning requirement, affects a significant number of businesses. These businesses need to engage an Approved Scanning Vendor (ASV) to run external vulnerability scans quarterly. It can be difficult for these companies to understand what ASV external vulnerability scanning is, what […]
By Natasja Bolton, Acquirer Support Manager Mobile Payments, a broad term covering consumer and merchant-initiated mobile payment methods, have been gaining acceptance in the market place; however, have these methods achieved broad acceptance with consumers and businesses alike? In our article ‘State of Pay – have mobile payments reached a turning point?’ we explored […]
Most businesses have to comply with multiple information security related standards and regulations. In our experience the average is 3. These can include but are not limited to PCI DSS, GDPR, ISO 2700, Sarbanes Oxley, HIPAA, Cyber Essentials, POPI and even audits by clients.
The EU’s General Data Protection Regulation, or GDPR for short, will come into force across all EU Member States from 25th May 2018. GDPR will affect the processing and movement of the personal data of approximately 500 million citizens.
End-to-End Encryption (E2EE) and Point-To-Point Encryption (P2PE), are the two main ways that payment card data is protected when a transaction is made at a Point-of-Sale (POS) terminal. Both encryption methods have their pros and cons, however what those differences are and understanding the impact on a business of choosing one over the other can […]
In May last year, in advance of the introduction of the PCI DSS v3.2 SAQs (Self-Assessment Questionnaires) we created a downloadable fact sheet to explain in detail the impact of the updated Standard on the SAQ types.
In December, Visa published a Security Alert warning of an increasing fraud threat, as the U.S. EMV migration continues, from “criminals placing skimming devices on or in attended and unattended point-of-sale (POS) devices for the purpose of collecting payment card information, including PIN numbers”.
Information Security is complex. Understanding risk and implementing appropriate mitigating controls, be they technical or otherwise, is a challenge for organisations of any size. There is no getting away from that, but witchcraft?
With its expanded content, fully revised diagrams of the e-commerce implementation methods and inclusion of case studies the 2017 guidance is a useful reference for merchants and services providers alike.
By Natasja Bolton, Senior Acquirer Support QSA Steps to protect small businesses from this year’s security threats As 2017 rolls out, we continue to explore the security threats and cyber-attacks expected to feature this year. Following on from part 1 which can be read here, in part 2 we examine other risks such […]
Conducting an outreach campaign can be tricky to get right, as well as resource-heavy. Responding to market conditions while also proactively engaging your customers through their preferred channels can be difficult to achieve successfully. It can make sense to outsource; however, providers are often not specialised or experienced enough in conducting an outreach security and compliance […]
By Natasja Bolton, Senior Acquirer Support QSA Steps to protect small businesses from this year’s security threats This week we explore some of the security threats and cyber-attacks expected to feature in 2017. As these risks could impact your small business customers we highlight actions that businesses can take to protect themselves, so […]
By Natasja Bolton, Senior Acquirer Support QSA Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long organisations, QSAs and ISAs have been seeking further guidance […]
The PCI Council recently published a supplement document entitled ‘Guidance for PCI DSS Scoping and Network Segmentation’. The driver for the new guidance document was in response to common questions received from industry stakeholders on scoping and segmentation. The methods outlined within the guidance were formed in collaboration with the council’s board of advisors and […]
The PCI DSS v3.2 Self-Assessment Questionnaires require that all merchants have an Incident Response Plan, regardless of their size, volume of transactions or the extent to which they have outsourced the handling of payment card data. This is to make sure they can respond effectively in the event of a breach that could impact payment […]
by Leon van Aswegen, Senior Consulting Manager In the last two years, the PCI P2PE Standard has gained in popularity amongst Acquirers, Solution Providers, Merchants and their assessing QSAs. This is because PCI P2PE Solutions provide independently assured protection for account data from the point of capture, reducing where and how PCI DSS requirements […]
With the major holiday season just around the corner, many retail businesses are gearing up for the shopping frenzy to commence. Increasingly customers are turning to online shopping to avoid queues and to bag a bargain. Therefore it is essential that online retailers are prepared to service the high customer demand. Unfortunately for retailers, cyber […]
The deadline for the Visa security program’s new annual compliance requirement for Level 4 merchants is getting closer. Starting from January 31st 2017 all US and Canadian acquired Level 4 merchants are required to validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) yearly. Or if eligible, the merchants must be […]
The end of October marked the one-year anniversary of EMV. As expected, there have been a few highs and lows during this time. The transformation has overall been successful, with fraud largely dropping and consumer adoption at a high; however, small to medium businesses still have a way to go in relation to getting […]
By Natasja Bolton, Senior Acquirer Support QSA In our previous articles on the progress of the EMV deployment in the U.S. we noted that EMV was expected to drive criminals away from Card Present counterfeit card fraud to Card Not Present (CNP) fraud. CNP fraud has indeed proliferated in the U.S. since the October […]
In a previous article, written by Sysnet’s Paul Prior, Paul mentioned how he believed that a change was necessary in the industry. A move away from using non-compliance fees as a mechanism to drive engagement and compliance. He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not in […]
By Paul Prior, Senior Vice President Client Engagement In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]
Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be time […]
By Natasja Bolton, Acquirer Support Manager The General Data Protection Regulation, or GDPR for short, will affect the processing and movement of the personal data of the approximately 500 million citizens populating the EU Member States. The new legislation will apply across all EU Member States from 25th May 2018. Furthermore, the GDPR has […]
By Michael Hopewell, Managing Information Security Consultant When a breach is reported in the media, more often than not it’s the well-known large companies that make the headlines. In reality, cybercriminals are more successful in attacking smaller companies. The reason for this is that smaller businesses often have fewer resources and as a result are less […]
By Natasja Bolton, Acquirer Support Manager October 2016 is Cyber Security Awareness Month which runs under the banner of STOP. THINK. CONNECT, and aims to help everyone (private citizens and businesses) to stay safer and more secure online. We believe it is a great opportunity to reach out to your small to medium business customers […]
By Natasja Bolton, Acquirer Support Manager Back in June, Sysnet reported on SHA-1 based certificates and why support was ceasing. In that article we also examined the potential impact on ecommerce businesses. Recently, the PCI Security Standards Council (PCI SSC) has released their own guidance on SHA-1 in the form of a Frequently Asked Questions […]
By Natasja Bolton, Acquirer Support Manager In 2012, MasterCard published the results of their survey of the global mobile payments landscape in their MasterCard Mobile Payments Readiness Index. The survey recognised that while mobile payments adoption has dependencies on six major elements from infrastructure and financial services to regulation, the critical success factor for mobile […]
With ransomware showing no signs of disappearing soon, a central repository website entitled “No-More-Ransom” has been established to disrupt cybercriminal businesses with ransomware connections. Europol’s European Cybercrime Centre has teamed up with the National High Tech Crime Unit of the Netherlands’ police, and two cyber security companies to offer advice and troubleshooting services. A […]
By Jason McWhirr, Information Security Consultant What is the PCI DSS Prioritised Approach? Merchants with more complex payment systems or payment processes that do not fit into the shortened SAQs (A, A-EP, B, B-IP, C & P2PE) are required to complete SAQ D or may require an on-site assessment (for merchants with larger amounts of […]
By Gerald McGauley, Head of Contact Centre When a customer reaches out for assistance they are looking for a person that will understand and assist them, not a machine with automated, monotone answers. To that end, when evaluating our associates on their customer interactions the key questions we look to answer are: Did you answer […]
By Jason McWhirr, Information Security Consultant When it comes to processing cardholder data, many businesses these days will often use more than one method. Whether they are using a point of sale (POS) device or taking online payments, one thing is clear: all payment card data must be protected by implementing the security controls in […]
By Natasja Bolton, Acquirer Support Manager On August 8th, 2016 Oracle issued a letter informing their MICROS customers that malicious code had been detected in certain legacy systems and advising on the actions their customers should take. Oracle’s letter and subsequent FAQs did not give details of the root cause of the MICROS breach […]
Security and compliance are a lot like having to do taxes: they are a chore. Most businesses understand that it is important to be secure and compliant, but the complexity and time that it can take can indeed be off-putting. In fact, some businesses turn to accountants to look after their compliance with standards such […]
‘Ask a QSA’ recently received the below question that we believe will be of interest to our readers. Seasoned QSA Natasja Bolton answers. Do fuel cards need to be included in PCI DSS compliance? In my experience and that of my QSA colleagues here at Sysnet, we do not believe that there are card scheme branded […]
By Natasja Bolton, Acquirer Support Manager In our recent data breach article, we discussed the need for businesses to consider both their Payment Card Industry Data Security Standard (PCI DSS) and legal obligations when planning for security incidents and data breach reporting. In this article we discuss the recently published EU directive on Network and […]
Through our multi-channel contact services centre, we deliver exceptional contact centre services. Our Global Operations Centre provides flexible, on-demand services to help you meet your business objectives. Our Global Operations Centre is based in Dublin, Ireland. We use a combination of outstanding people, best-in-class technology and quality assurance programmes to make sure that […]