The deadline for the Visa security program’s new annual compliance requirement for Level 4 merchants is getting closer. Starting from January 31st 2017 all US and Canadian acquired Level 4 merchants are required to validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) yearly. Or if eligible, the merchants must be […]
The end of October marked the one year anniversary of EMV. As expected there have been a few highs and lows during this time. The transformation has overall been successful with fraud largely dropping and consumer adaptation at a high, however small to medium businesses still have a way to go in relation to getting […]
By Natasja Bolton, Senior Acquirer Support QSA In our previous articles on the progress of the EMV deployment in the U.S. we noted that EMV was expected to drive criminals away from Card Present counterfeit card fraud to Card Not Present (CNP) fraud. CNP fraud has indeed proliferated in the U.S. since the […]
In a previous article, written by Sysnet’s Paul Prior, Paul mentioned how he believed that a change was necessary in the industry. A move away from using non-compliance fees as a mechanism to drive engagement and compliance. He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not […]
By Paul Prior, Senior Vice President Client Engagement In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]
Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be […]
By Natasja Bolton, Senior Acquirer Support QSA The General Data Protection Regulation, or GDPR for short, will affect the processing and movement of the personal data of the approximately 500 million citizens populating the EU Member States. The new legislation will apply across all EU Member States from 25th May 2018. Furthermore, the […]
Michael Hopewell, Managing Information Security Consultant When a breach is reported in the media, more often than not it’s the well-known large companies that make the headlines. In reality cybercriminals are more successful in attacking smaller companies. The reason for this is that smaller businesses often have fewer resources and as a result are […]
By Natasja Bolton, Senior Acquirer Support QSA October 2016 is Cyber Security Awareness Month which runs under the banner of STOP. THINK. CONNECT, and aims to help everyone (private citizens and businesses) to stay safer and more secure online. We believe it is a great opportunity to reach out to your small to medium business […]
By Natasja Bolton, Senior Acquirer Support QSA Back in June, Sysnet reported on SHA-1 based certificates and why support was ceasing. In that article we also examined the potential impact on ecommerce businesses. Recently, the PCI Security Standards Council (PCI SSC) has released their own guidance on SHA-1 in the form of a Frequently Asked […]
By Natasja Bolton, Senior Acquirer Support QSA In 2012, Mastercard published the results of their survey of the global mobile payments landscape in their Mastercard Mobile Payments Readiness Index. The survey recognised that while mobile payments adoption has dependencies on six major elements from infrastructure and financial services to regulation, the critical success factor for […]
With ransomware showing no signs of disappearing soon, a central repository website entitled “No-More-Ransom” has been established to disrupt cybercriminal businesses with ransomware connections. Europol’s European Cybercrime Centre has teamed up with the National High Tech Crime Unit of the Netherlands’ police, and two cyber security companies to offer advice and troubleshooting services. A […]
By Jason McWhirr, Information Security Consultant What is the PCI DSS Prioritised Approach? Merchants with more complex payment systems or payment processes that do not fit into the shortened SAQs (A, A-EP, B, B-IP, C & P2PE) are required to complete SAQ D or may require an on-site assessment (for merchants with larger amounts of […]
By Gerald McGauley, Head of Contact Centre When a customer reaches out for assistance they are looking for a person that will understand and assist them, not a machine with automated, monotone answers. To that end when evaluating our associates on their customer interactions they key questions we look to answer are; Did you […]
By Jason McWhirr, Information Security Consultant When it comes to processing cardholder data, many businesses these days will often use more than one method. Whether they are using a point of sale (POS) device or taking online payments one thing is clear, all payment card data must be protected by implementing the security controls in […]
By Natasja Bolton, Senior Acquirer Support QSA On August 8th, 2016 Oracle issued a letter informing their MICROS customers that malicious code had been detected in certain legacy systems and advising on the actions their customers should take. Oracle’s letter and subsequent FAQs did not give details of the root cause of the MICROS […]
Security and compliance is a lot like having to do taxes, it’s a chore. Most businesses understand that it is important to be secure and compliant, but the complexity and time that it can take can indeed be off putting. In fact some businesses turn to accountants to look after their compliance with standards such […]
‘Ask a QSA’ recently received the below question that we believe will be of interest to our readers. Seasoned QSA, Natasja Bolton answers. Do fuel cards need to be included in PCI DSS compliance? In my experience and my QSA colleagues here at Sysnet, we do not believe that there are card scheme branded […]
By Natasja Bolton, Senior Acquirer Support QSA In our recent data breach article, we discussed the need for businesses to consider both their Payment Card Industry Data Security Standard (PCI DSS) and legal obligations when planning for security incidents and data breach reporting. In this article we discuss the recently published EU directive on Network […]
Through our multi-channel contact services centre, we deliver exceptional contact centre services. Our Global Operations Centre provides flexible, on-demand services to help you meet your business objectives. Our Global Operations Centre is based in Dublin, Ireland. We use a combination of outstanding people, best-in-class technology and quality assurance programmes to make sure […]
By Jason McWhirr, Information Security Consultant Globally, criminals are increasingly abandoning the more traditional approaches to crime. They are looking to the internet for their targets and using it as their preferred route to perpetrate criminal activity. The UK National Crime Agency’s Cyber Crime Assessment 2016 reports that cybercrime has now over taken traditional crime […]
By Natasja Bolton, Senior Acquirer Support QSA In order to help your merchant businesses with the definition and documentation of their Incident Response Plan, Sysnet has created a template document – Download the Security Incident Response Plan Template. All merchants self-assessing their Payment Card Industry Data Security Standard (PCI DSS) compliance now need […]
Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. In the […]
We recently reported that Sysnet’s Natasja Bolton, Senior Acquirer Support had contributed to the development of new payment resources to help small merchants and their banks defend against cybercrime. In this follow-up article we asked Natasja to elaborate further on what her role entailed and how she contributed to the development of this new vital […]
By Natasja Bolton, Senior Acquirer Support The EMV roll out across the U.S was never going to be an easy task; with so many organisations and businesses affected by the change it was bound to be challenging. However, impressive progress has been made: since December 2015, 766,000 merchant locations have been chip-enabled in the U.S, […]
Sysnet is pleased to announce that we are now a Qualified Integrator and Reseller (QIR) provider. The PCI Security Standards Council accreditation, allows qualified companies to implement, configure, and/or support validated PA-DSS Payment Applications on behalf of merchants or service providers for the purposes of performing Qualified Installations as part of the QIR Programme. […]
By Jason McWhirr, Information Security Consultant It will come as no surprise that the Report on Compliance (RoC) template has also been updated as part of the roll out of Payment Card Industry Data Security Standard (PCI DSS) version 3.2. For those not so familiar with the template, it applies to all level 1 […]
By Natasja Bolton, Senior Acquirer Support Businesses like the iFrame method as it allows them to entirely outsource the capture and processing of cardholder data. The data is outsourced to a validated Payment Card Industry Data Security Standard (PCI DSS) compliant Payment Service Provider (PSP). From a consumer perspective it offers a streamlined checkout […]
By Natasja Bolton, Senior Acquirer Support The Prioritised Approach for PCI DSS, has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offers a risk-based, incremental approach to PCI DSS compliance. It defines six security milestones […]
By Natasja Bolton, Senior Acquirer Support In 2015 use of the 20 year old SSL security protocol for encryption of sensitive data in transmission was deprecated (in PCI DSS v3.1) to encourage ecommerce businesses to migrate to TLS (Transport Layer Security). In 2016, further technology changes are underway that will impact those of your customers […]
The updated 3.2 Payment Application Data Security Standard (PA-DSS) is scheduled to be released tomorrow, June 1st, 2016 by the PCI Council. In this article we examine what the main impacts of the update are. The new version of PA-DSS comes into effect from 1st June 2016 and version 3.1 is retired on 31st […]
By Natasja Bolton, Senior Acquirer Support SAQ A v3.2 has introduced a number of changes to the self-assessment that will impact your customers that have chosen to outsource the handling and processing of cardholder data to external third party providers. Although the fundamental expectation of SAQ A has not changed (that all payment […]
Natasja Bolton, Senior Acquirer Support, investigates We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]
In a previous article we provided a quick guide to PCI DSS v3.2 to assist you with navigating the updated standard, if you haven’t read it yet we encourage you to do so. In this follow-up article, we examine what are the impacts that v3.2 brings to the various SAQ types. The impact on […]
by Gavin Merriman, Training and Development Manager Having started in the contact centre myself, and now as the Training and Development Manager of Sysnet University, I understand how important and pivotal it is to provide the right tools and training to our associates. Unlike other contact centres, our associates are required to provide a diverse […]
By Natasja Bolton, Senior Acquirer Support In order to assist you with navigating the updated standard we’ve prepared the following easy to reference Guide to PCI DSS v3.2. For a more in-depth review of PCI V3.2 we recommend reading the article PCI DSS v3.2 – What’s changed. Guide to PCI DSS v3.2 Key Dates […]
By Natasja Bolton, Senior Acquirer Support On the 28th April 2016, the PCI SSC published the latest version of the PCI Data Security Standard: the PCI DSS v3.2. We previously wrote about the changes that the council had planned for v3.2, in this follow-up article we examine the changes that have been included in the […]
“[Unfamiliar acronyms] create false economies. They may save a few words, but they may also frustrate and force the reader to take more time and effort to understand the document.” U.S. Securities and Exchange Commission, Plain English Handbook. Most sectors have their own industry jargon and acronyms, familiar to those working within the industry […]
By Natasja Bolton, Senior Acquirer Support Face to face card payment transactions generate two receipts – the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy which will usually show the full PAN. Businesses are well aware that they must retain their merchant copy receipts in […]
By Jason McWhirr, Information Security Consultant It is commonplace for organisations to ask consumers to provide Personally Identifiable Information (PII) to prove identity, strengthen authentication mechanisms, and speed-up payments. Most organisations will have an identity profile of each of their consumers that incorporates PII data. This includes common fields such as; address, date of […]
