Ask A QSA – Mobile attack rates, how can your business customers better secure their mcommerce channel?
Articles, Blog

By Judith Clark, QSA Consultant

Ask a QSA recently received the following query from an acquirer and we felt that this may be of interest to our readers. Merchants had been asking their acquirer “how can we better secure our mcommerce channel?” It’s a good question. Recent research has shown that mobile attack rates […]

The evolution of the cybercriminal means small businesses need to adapt
Blog, Uncategorized

We regularly hear news stories about large corporations being hit with fines and suffering significant costs due to data breaches.  Many small businesses believe themselves to be immune to this threat as they believe themselves to be “too small to be a target” or that they “don’t hold valuable data.” Sadly, this is no longer […]

Why small businesses need to take cyber security seriously
Blog, Fact Sheets, Uncategorized

Continuing on with our series of articles that focuses on challenges that many smaller businesses have, in this paper we highlight the risks cyber security poses to small businesses. We discuss how company data can be monetised by cybercriminals, why small businesses are at risk and the real cost of ignoring cyber security issues. Share […]

Addressing the growing risk from insecure third party remote access
Blog

By Judith Clark, QSA Consultant

In recent years, numerous security reports have identified an increasing trend for intrusions affecting Point of Sale (POS) environments to have involved insecure remote access from service providers and their networks. As the ENISA points out, criminals are turning to network-based attacks against retailers’ POS infrastructure because attacks requiring physical […]

Basic cyber threats explained
Blog, Infographics, Uncategorized

Businesses, in particular small to medium ones, often do not consider that they could be targeted by cybercrime. Unfortunately, the reality is that many small to medium businesses are now very much being targeted by cyber-criminals. The vast majority of criminals are opportunists, meaning that they will look to take advantage of any businesses that are […]

Simple Cyber Security threats every small business owner should know about
Blog, Fact Sheets, Uncategorized

Simple cyber security threats every small business owner should know about

Cyber security is a wide-ranging term that can relate to a plethora of complicated issues that are far above the head of the average person. However, small businesses can take strides towards making themselves more secure by taking simple steps to secure their information by avoiding negligent security habits.   These small practices begin with […]

The TLS deadline is fast approaching. What it is & how we can help your customers be prepared
Blog, Uncategorized

The TLS deadline is fast approaching. We examine what it is and how we can help your customers be prepared

With the Payment Card Industry Security Standards Council (PCI SSC) 30th June 2018 deadline fast approaching, it’s important that your customers are prepared to migrate to a secure version of TLS. Back in October of last year, Sysnet’s Natasja Bolton, Senior Acquirer Support QSA, highlighted the key factors as to what the TLS […]

An alternative approach to non-compliance fees
Blog, Infographics

Despite various approaches that some acquirers take to try and engage with businesses when it comes to compliance programs, some merchants simply do not engage. The traditional approach of driving compliance via non-compliance fees unfortunately doesn’t always produce results and can also lead to a negative association with the brand of the acquirer in the eyes […]

The PCI DSS v3.2 requirements that become effective from February 2018
Blog, Uncategorized

By Francis Kyereh, Information Security Consultant

Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organisations accepting or processing payment transactions. The PCI DSS Version 3.2, containing nine new requirements […]

Understanding the scope for PCI DSS
Blog, Uncategorized, Whitepapers

When undertaking any kind of PCI DSS assessment, whether it is a formal assessment or self-assessment questionnaire (SAQ), the most important thing is ensuring that the scope is correct. Without an understanding of the scope, systems may be overlooked and/or insufficient security controls applied. This may lead to a risk of data breach. Conversely, […]

5 cyber-predictions for 2018 (Part 1)
Blog, Uncategorized

By Juliusz Idzik, Senior Information Security Consultant

2017 review

During 2017 we witnessed some interesting but unnerving cyber campaigns that have forced many of us to rethink our security posture and whether our organisations are prepared to face sophisticated attacks. These campaigns use new, innovative tools that can pass traditional security mechanisms without any alert or […]

Contactless Cards: Protect your business customers from fraud/lost sales
Blog, Uncategorized

By Judith Clark, QSA Consultant

With 95% of credit cards in Canada supporting contactless, 165 million contactless cards across Europe and one out of three card payments being contactless in the UK; the total amount spent in the UK is estimated to be approximately £23 billion for the first six months of 2017. The popularity […]

Preparing your business for a data breach
Blog, Uncategorized

By Mat Clarke, Information Security Analyst

Whilst guarding against a security breach is often high on the agenda for businesses and security professionals alike, making preparations for the worst-case scenario actually occurring can easily be overlooked. Unfortunately, as a number of recent high-profile security breaches have demonstrated, no set of defences is infallible and […]

Migrating to a secure version of TLS and preparing for the June 2018 deadline
Blog, Uncategorized, Whitepapers

By David Morris, PCI Compliance Analyst

Following on from Natasja Bolton’s article that highlighted the PCI Council June 30th deadline in relation to organisations not using Secure Sockets Layer (SSL) or early Transport Layer Security (TLS) as a security control, David Morris discusses the reasons for the requirement to migrate to a secure version of […]

Demystifying PCI DSS requirements: Penetration/segmentation testing
Blog

By Mat Clarke, Information Security Analyst

Introduction

Testing the security of any network infrastructure and applications which are involved in the storing, processing or transmitting of cardholder data is often a key part of maintaining compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements. Along with internal and external vulnerability scanning (only […]

Are your customers ready for 31 January 2018?
Blog, Uncategorized

By Natasja Bolton, Senior Acquirer Support QSA

In my last article, I discussed whether two-step authentication was ever acceptable to meet PCI DSS’s requirements for multi-factor authentication. In that article, we also noted that PCI DSS requirement 8.3.1 is currently a best practice which becomes a requirement after 31st January 2018. It seems timely […]

The industry hasn’t done enough to help small business merchants with their security issues
Blog, Uncategorized

Sysnet CEO, Gabriel Moynagh, explains how acquiring organisations can make a real impact on small business security, by replacing revenue from PCI DSS penalties for non-compliance, with a managed service offering that boosts merchant security. The PCI DSS was set up to help businesses process card payments securely and reduce fraud. Most acquirers will […]

Why protecting your data often means thinking like a hacker
Blog, Uncategorized

By Peter Burgess, Senior Information Security Consultant

Hackers are constantly looking for new ways to access an organisation’s data and sometimes they succeed. One of the more bizarre approaches recently was by using a fish tank. The hackers attempted to access and steal data from a North American casino by accessing a fish tank connected to the […]

NIS directive & GDPR: Regulations that will have a global impact
Blog, Uncategorized

By Natasja Bolton, Senior Acquirer Support QSA

With the increase of malware and other malicious cyber security attacks that have had a global impact in the last few years, governments around the world have been trying to implement concrete safeguards through regulation. The goal of these regulations being to not only protect valuable infrastructure services […]

Blog, News

Sysnet Global Solutions appoints Jeremy Coram as SVP Business Development, North America

July 24th, 2017. Sysnet Global Solutions, a leading provider of cyber security and compliance solutions to the payments industry, today announced that it has appointed Jeremy Coram as SVP Business Development, North America. Jeremy will be responsible for identifying and strategically assessing mutually beneficial opportunities within the cyber security space, for Sysnet and its current […]

What you need to know about Point-to-Point Encryption 
Blog, Fact Sheets, Uncategorized

What you need to know about Point-to-Point Encryption (P2PE)

Many businesses are often unaware that ensuring their payment terminals are part of a Point-to-Point Encryption (P2PE) Solution can carry considerable benefits when it comes to simplifying their PCI DSS compliance. As we discovered here at Sysnet, the reason why many businesses are not aware of P2PE and its benefits is that they often find […]

Blog, Uncategorized

Growth in payment card transactions makes PCI DSS compliance more important than ever

By Natasja Bolton, Senior Acquirer Support QSA

The UK Cards Association’s 2017 report on UK Card Payments, released on 19th June 2017, reported a doubling of debit and credit card purchases in the last 10 years. The volume of card transactions reached 16.4 billion in 2016, an increase of 146% from 2006, even though the […]

Payments using biometrics, are financial organisations ready?
Blog, Uncategorized

Biometrics has largely been hailed as the future of consumer identification, authentication, and confirmation of transactions. Though in South Africa, Mastercard has been trialling a chip and PIN bankcard that includes a fingerprint reader, to date the technology has largely not appeared in Point of Sale (POS) devices or in more traditional payment areas. In […]

Identity theft – why criminals want more than just payment data
Blog, Cyber Risk, Uncategorized

Increasingly, over the last few years, criminals are specifically looking to gain access to consumers’ identity data and not just their payment data. The main reason for this is that with consumer identity data there are few limits to the fraudulent purposes the data can be used for, which makes it much more desirable. As […]

Keep your business safe from social engineering
Blog, FDUS - Managers, Uncategorized

Social engineering, the act of psychologically manipulating a person to divulge confidential information or to carry out actions, is becoming more commonplace. Recently Indian police raided call centres and made arrests in which a large scale scam took place where the employees impersonated US Internal Revenue Service and other federal officials, demanding payments […]

Legacy systems and data – putting businesses compliance at risk?
Blog, Cyber Risk, Uncategorized

By Natasja Bolton, Senior Acquirer Support QSA

At the release of the PCI Scoping Guidance back in December 2016, the PCI Council highlighted the fact that “data breach investigation reports continue to find that companies suffering compromises were unaware that cardholder data was present on their compromised systems”. Why is that? Well, often […]

Ransomware – Steps that organisations and businesses need to take
Blog, Cyber Risk, Uncategorized

The recent global ransomware attack, referred to as ‘WannaCry’, that resulted in over 45,000 attacks and infected major companies, hospitals and other government institutions, unfortunately caught many off guard. WannaCry targeted computers running Windows operating systems that had not been updated with a security update released by Microsoft in March 2017, as well as computers […]

Face-to-face payments: Mobile vs Plastic
Blog

By Paul Prior, Senior Vice President Client Engagement

As recently reported (BBC, CNBC), Mastercard have just released a payment card with an in-built fingerprint sensor. There is no question that the introduction of EMV has had a significant impact on driving down card-present fraud and while fingerprint scanners are not foolproof this type of biometric authentication […]

ASV external vulnerability scans explained
Blog, Uncategorized

Requirement 11.2.2 of the Payment Card Industry Data Security Standard, otherwise known as the ASV scanning requirement, affects a significant number of businesses. These businesses need to engage an Approved Scanning Vendor (ASV) to run external vulnerability scans quarterly. It can be difficult for these companies to understand what ASV external vulnerability scanning is, what […]

Mobile Payments - Have they met consumer expectations?
Blog, Uncategorized

Mobile Payments – Have they met expectations?

By Natasja Bolton, Senior Acquirer Support QSA

Mobile Payments, a broad term covering consumer and merchant-initiated mobile payment methods, have been gaining acceptance in the market place; however, have these methods achieved broad acceptance with consumers and businesses alike? In our article ‘State of Pay – have mobile payments reached a turning point?’ we […]