Blog

Endpoint protection; a vital tool in the battle against ransomware

The ever-changing cyber security threat In May 2021, the East Coast of America suffered the effects of a large-scale ransomware attack that targeted Colonial Pipeline. This attack, which demanded $4.4 million, targeted the pipeline, which provides roughly 45% of all the fuel for the East Coast, causing prices to skyrocket and disruption for both businesses and […]

Blog

Vulnerability management – address known weaknesses in your systems and software before cybercriminals can exploit them

According to the National Cyber Security Centre, “The majority of cyber security incidents are the result of attackers exploiting publicly disclosed vulnerabilities to gain access to systems and networks”. Cybercriminals’ attacks can make systems unusable, disrupt business activities or expose sensitive company information, personal data or payment card details to fraudulent and illegal use. The […]

Blog

Ask a QSA

‘Ask a QSA’ recently received the below question that we believe will be of interest to our readers. Client Engagement QSA, Natasja Bolton answers. What does the removal of the PCI PTS v3.0 PIN Entry Devices from the Approved list to Expired, mean for our merchants? On 1st April 2021, Visa issued a reminder that […]

Articles, Blog

Real-life Threat Protection for Merchants

Our SOC (Service Operations Centre) team offers Real-life threat protection. They are continuously fighting and preventing malicious viruses and malware on merchants’ devices. This month alone 2,678 automatic security actions took place while we had 445 SOC team interventions. Note: An automatic security action is when our security tools directly deal with the malicious file […]

Blog

Sysnet Celebrates International Women’s Day

It’s that time of year again, International Women’s Day (IWD)! A global day to celebrate the social, economic, cultural and political achievements of women. This year’s theme is #ChoosetoChallenge, and it goes without saying that the intersection of technology and payments provides a fulfilling career path full of challenges by working in a highly complex […]

Articles, Blog

Creating a successful merchant PCI DSS compliance management programme

Introduction The Payment Card Industry Data Security Standard (PCI DSS), while undoubtedly benefitting both merchants and payment card holders, places significant demands on the resources of many acquirers.   Most people involved in risk and compliance within the payments industry recognise these benefits; nevertheless running a merchant PCI DSS compliance management programme can be a […]

Articles, Blog

What is it that makes a Level 4 Merchant High-risk?

Mastercard has set a deadline for acquiring organisations to manage risk in their Level 4 Merchant portfolio. Mastercard’s updated Site Data Protection (SDP) Program rules expect PCI DSS compliance validation from your high-risk merchants.   Mastercard requires all acquirers to have a Level 4 risk management programme in place to meet the updated SDP requirements. […]

Articles, Blog

Payment Services Directive (EU) 2015/2366 (PSD2) & Strong Customer Authentication

by Natasja Bolton, Managing Information Security Consultant. [Published on 22/01/2020]   EU Payment Services Directive (PSD2) & Strong Customer Authentication The revised EU Payment Services Directive (PSD2) is an update to the original 2007 Payment Services Directive (PSD) which created a single market for payments in the European Union (EU). Since 2007, new services offered […]

Articles, Blog

Merchant PCI DSS compliance validation – what it means to be a Level 2 or Level 1 merchant

by Natasja Bolton, QSA, CISSP [17.34, 10/01/2019]   Becoming a Level 2 or Level 1 merchant Most businesses that accept branded cards for purchase of goods or services (merchant businesses) today are already familiar with the annual process of accessing their acquiring bank’s compliance management portal to self-assess their compliance with the Payment Card Industry […]

Articles, Blog, Cyber Risk

What you need to know about Point to Point Encryption (P2PE)

by Michael Hopewell, Managing Information Security Consultant.   Introduction Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]

Articles, Blog

Business Email Compromise Attacks and How to Protect Your Business!

In previous articles we have provided guidance on how organisations can protect themselves from ransomware and make sure they are prepared should they be hit by ransomware. Ransomware attacks are a successful and highly profitable criminal business model and, as we predicted in early 2017, ransomware attacks have continued to proliferate.   Ransomware is a […]

Articles, Blog

Maintaining Your Compliance with the PCI DSS – All Year Round

Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud.   In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]

Articles, Blog, Uncategorized

New PCI SSC Program for Software-based PIN entry on COTS Solutions

Over the last few months, the PCI SSC has published a set of documents to establish a new program for the specification, testing, evaluation and PCI SSC listing of Software-based PIN entry on Commercial Off The Shelf devices (COTS) Solutions, also known as SPoC.   The PCI DSS developed this new PCI Security Standard […]

Articles, Blog

Ask a QSA – Mobile attack rates: how can your business customers better secure their m-commerce channel?

By Sam Pfanstiel, QSA, QSA(P2PE), QPA, PA-QSA, SSF, SSA, SSLCA Ask a QSA recently received the following query from an acquirer and we felt that this may be of interest to our readers. Merchants had been asking their acquirer “how can we better secure our m-commerce channel?” It’s a good question. Recent research has shown […]

Blog, Uncategorized

The evolution of the cybercriminal means small businesses need to adapt

We regularly hear news stories about large corporations being hit with fines and suffering significant costs due to data breaches. Many small businesses believe themselves to be immune to this threat because they think they are “too small to be a target” or that they “don’t hold valuable data.” Sadly, this is no longer […]

Blog, Fact Sheets, Uncategorized

Why small businesses need to take cyber security seriously

Continuing our series of articles that focus on the challenges many smaller businesses face, in this paper we highlight the risks cyber security poses to small businesses. We discuss how company data can be monetised by cybercriminals, why small businesses are at risk and the real cost of ignoring cyber security issues. […]

Blog

Addressing the growing risk from insecure third party remote access

By Judith Clark, QSA Consultant In recent years, numerous security reports have identified an increasing trend for intrusions affecting Point of Sale (POS) environments to have involved insecure remote access from service providers and their networks.  As the ENISA points out, criminals are turning to network-based attacks against retailers’ POS infrastructure because attacks requiring physical […]

Blog, Infographics, Uncategorized

Basic cyber threats explained

Businesses, in particular small to medium ones, often do not consider that they could be targeted by cybercrime. Unfortunately, the reality is that many small to medium businesses are now very much being targeted by cyber-criminals. The vast majority of criminals are opportunists, meaning that they will look to take advantage of any businesses that are […]

Blog, Fact Sheets, Uncategorized

Simple cyber security threats every small business owner should know about

Cyber security is a wide-ranging term that can relate to a plethora of complicated issues that are far above the head of the average person. However, small businesses can take strides towards making themselves more secure by taking simple steps to secure their information by avoiding negligent security habits.   These small practices begin with […]

Blog, Uncategorized

The TLS deadline is fast approaching. We examine what it is and how we can help your customers be prepared

With the Payment Card Industry Security Standards Council (PCI SSC) 30th June 2018 deadline fast approaching, it’s important that your customers are prepared to migrate to a secure version of TLS.   Back in October of last year, Sysnet’s Natasja Bolton, Senior Acquirer Support QSA, highlighted the key factors as to what the TLS […]

Blog, Infographics

An alternative approach to non-compliance fees

Despite various approaches that some acquirers take to try and engage with businesses when it comes to compliance programs, some merchants simply do not engage. The traditional approach of driving compliance via non-compliance fees unfortunately doesn’t always produce results and can also lead to a negative association with the brand of the acquirer in the eyes […]

Blog, Uncategorized

The PCI DSS v3.2 requirements that become effective from February 2018

By Francis Kyereh, Information Security Consultant Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organisations accepting or processing payment transactions. The PCI DSS Version 3.2, containing nine new requirements […]

Blog, Uncategorized, Whitepapers

Understanding the scope for PCI DSS

When undertaking any kind of PCI DSS assessment, whether it is a formal assessment or self-assessment questionnaire (SAQ), the most important thing is ensuring that the scope is correct. Without an understanding of the scope, systems may be overlooked and/or insufficient security controls applied. This may lead to a risk of data breach.   Conversely, […]

Blog, Uncategorized

5 cyber-predictions for 2018 (Part 1)

By Juliusz Idzik, Senior Information Security Consultant 2017 review During 2017 we witnessed some interesting but unnerving cyber campaigns that have forced many of us to rethink our security posture and whether our organisations are prepared to face sophisticated attacks. These campaigns use new, innovative tools that can pass traditional security mechanisms without any alert or […]

Blog, Uncategorized

Contactless Cards: Protect your business customers from fraud/lost sales

By Judith Clark, QSA Consultant With 95% of credit cards in Canada supporting contactless, 165 million contactless cards across Europe and one out of three card payments being contactless in the UK; the total amount spent in the UK is estimated to be approximately £23 billion for the first six months of 2017. The popularity […]