Ransomware – Steps that organisations and businesses need to take
Blog, Uncategorized

The recent global ransomware attack, referred to as ‘WannaCry’, that resulted in over 45,000 attacks and infected major companies, hospitals and other government institutions, unfortunately caught many off guard. WannaCry targeted computers running Windows operating systems that had not been updated with a security update released by Microsoft in March 2017, as well as computers […]

Face-to-face payments: Mobile vs Plastic
Blog

By Paul Prior, Senior Vice President Client Engagement
As recently reported (BBC, CNBC), MasterCard have just released a payment card with an in-built fingerprint sensor. There is no question that the introduction of EMV has had a significant impact on driving down card-present fraud and while fingerprint scanners are not foolproof this type of biometric authentication […]

ASV external vulnerability scans explained
Blog, Uncategorized

Requirement 11.2.2 of the Payment Card Industry Data Security Standard, otherwise known as the ASV scanning requirement, affects a significant number of businesses. These businesses need to engage an Approved Scanning Vendor (ASV) to run external vulnerability scans quarterly. It can be difficult for these companies to understand what ASV external vulnerability scanning is, what […]

Mobile Payments - Have they met consumer expectations?
Blog, Uncategorized

Mobile Payments – Have they met expectations?

By Natasja Bolton, Acquirer Support Manager
Mobile Payments, a broad term covering consumer and merchant-initiated mobile payment methods, have been gaining acceptance in the market place; however, have these methods achieved broad acceptance with consumers and businesses alike? In our article ‘State of Pay – have mobile payments reached a turning point?’ we explored […]

Our expertise will make your outreach campaign a success
Blog, Uncategorized

Outreach campaign success

Conducting an outreach campaign can be tricky to get right as well as resource heavy. Responding to market conditions while also proactively engaging your customers through their preferred channels can be difficult to achieve successfully. It can make sense to outsource; however, providers are often not specialised or experienced enough in conducting an outreach security and compliance […]

New PCI SSC Scoping & Segmentation Guidance: what does it mean?
Blog, Fact Sheets, Uncategorized, Whitepapers

By Natasja Bolton, Senior Acquirer Support QSA
Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long organisations, QSAs and ISAs have been seeking further guidance […]

PCI Council publishes PCI scoping guidance
Blog, Uncategorized

The PCI Council recently published a supplement document entitled ‘Guidance for PCI DSS Scoping and Network Segmentation’. The new guidance document was produced in response to common questions received from industry stakeholders on scoping and segmentation. The methods outlined within the guidance were formed in collaboration with the council’s board of advisors and […]

Data breach: Prepare your Business
Blog, Fact Sheets, Uncategorized, Whitepapers

The PCI DSS v3.2 Self-Assessment Questionnaires require that all merchants have an Incident Response Plan, regardless of their size, volume of transactions or the extent to which they have outsourced the handling of payment card data. This is to make sure they can respond effectively in the event of a breach that could impact payment […]

Demystifying existing non-listed P2PE Solutions
Blog, Uncategorized

By Leon van Aswegen, Senior Consulting Manager
In the last two years, the PCI P2PE Standard has gained in popularity amongst Acquirers, Solution Providers, Merchants and their assessing QSAs. This is because PCI P2PE Solutions provide independently assured protection for account data from the point of capture, reducing where and how PCI DSS requirements […]

Cybercrime - Ensuring your retail customers are safe during the holidays
Articles, Blog, Uncategorized

Cybercrime – Ensuring your retail customers are safe during the holidays

With the major holiday season just around the corner, many retail businesses are gearing up for the shopping frenzy to commence. Increasingly customers are turning to online shopping to avoid queues and to bag a bargain. Therefore it is essential that online retailers are prepared to service the high customer demand. Unfortunately for retailers, cyber […]

Visa’s deadline is just around the corner, are you prepared?
Blog

The deadline for the Visa security program’s new annual compliance requirement for Level 4 merchants is getting closer. Starting from January 31st 2017 all US and Canadian acquired Level 4 merchants are required to validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) yearly. Or if eligible, the merchants must be […]

Blog, Videos

Cyber security threats – Keeping your customers safe with proactive data security services

In a previous article, written by Sysnet’s Paul Prior, Paul mentioned how he believed that a change was necessary in the industry: a move away from using non-compliance fees as a mechanism to drive engagement and compliance. He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not in […]

Non-compliance fees; considering alternative approaches
Blog, Uncategorized

Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be time […]

EU General Data Protection Regulation, what you need to know
Blog, Uncategorized

General Data Protection Regulation, what you need to know

By Natasja Bolton, Acquirer Support Manager
The General Data Protection Regulation, or GDPR for short, will affect the processing and movement of the personal data of the approximately 500 million citizens populating the EU Member States. The new legislation will apply across all EU Member States from 25th May 2018. Furthermore, the GDPR has […]

Breaches rise in the hospitality industry. Practical advice for your customers
Blog

Michael Hopewell, Managing Information Security Consultant
When a breach is reported in the media, more often than not it’s the well-known large companies that make the headlines. In reality cybercriminals are more successful in attacking smaller companies. The reason for this is that smaller businesses often have fewer resources and as a result are less […]

SHA-1 - the PCI Council’s views revealed
Blog, Uncategorized

SHA-1 – the PCI Council’s views revealed

By Natasja Bolton, Acquirer Support Manager
Back in June, Sysnet reported on SHA-1 based certificates and why support was ceasing. In that article we also examined the potential impact on ecommerce businesses. Recently, the PCI Security Standards Council (PCI SSC) has released their own guidance on SHA-1 in the form of a Frequently Asked Questions […]

State of Pay – have mobile payments reached a turning point?
Blog, Uncategorized

By Natasja Bolton, Acquirer Support Manager
In 2012, MasterCard published the results of their survey of the global mobile payments landscape in their MasterCard Mobile Payments Readiness Index. The survey recognised that while mobile payments adoption has dependencies on six major elements from infrastructure and financial services to regulation, the critical success factor for mobile […]

New tools in the fight against ransomware
Blog, Uncategorized

With ransomware showing no signs of disappearing soon, a central repository website entitled “No-More-Ransom” has been established to disrupt cybercriminal businesses with ransomware connections. Europol’s European Cybercrime Centre has teamed up with the National High Tech Crime Unit of the Netherlands’ police, and two cyber security companies to offer advice and troubleshooting services. A […]

MICROS Security Incident – steps to protect your customers
Blog, Uncategorized

By Natasja Bolton, Acquirer Support Manager
On August 8th, 2016 Oracle issued a letter informing their MICROS customers that malicious code had been detected in certain legacy systems and advising on the actions their customers should take. Oracle’s letter and subsequent FAQs did not give details of the root cause of the MICROS breach […]

Ask a QSA
Blog, Uncategorized

‘Ask a QSA’ recently received the below question that we believe will be of interest to our readers. Seasoned QSA, Natasja Bolton, answers.
Do fuel cards need to be included in PCI DSS compliance?
In my experience, and that of my QSA colleagues here at Sysnet, we do not believe that there are card scheme branded […]

Timelines set for EU Directive on Network and Information Security
Blog, Uncategorized

By Natasja Bolton, Acquirer Support Manager
In our recent data breach article, we discussed the need for businesses to consider both their Payment Card Industry Data Security Standard (PCI DSS) and legal obligations when planning for security incidents and data breach reporting. In this article we discuss the recently published EU directive on Network and […]

Blog, Videos

A look inside our contact services facility

Through our multi-channel contact services centre, we deliver exceptional contact centre services. Our Global Operations Centre provides flexible, on-demand services to help you meet your business objectives. Our Global Operations Centre is based in Dublin, Ireland. We use a combination of outstanding people, best-in-class technology and quality assurance programmes to make sure that […]