The updated PCI DSS version 3.2 is scheduled to be released at the end of April, in our previous post entitled ‘Council announce PCI DSS V3.2 update’ we looked at what was potentially making an appearance in the update. In this follow-up article, we examine the planned features to the new update that were presented by […]
By Natasja Bolton, Acquirer Support Manager The primary objectives (or attributes) of security (whether that be ‘information security’ or more recently ‘cyber security’) are encompassed in the CIA triad: Confidentiality, Integrity and Availability which are defined as: Confidentiality: ensuring that information is accessible only to those authorised to have access Integrity: ensuring the accuracy and […]
By Natasja Bolton, Acquirer Support Manager Back in late October 2015, we reported how some SMB’s were stating that the “EMV transition is overwhelming”. Fast forward nearly 5 months, the question arising is: how successful has the EMV roll out been so far? From a consumer perspective, the roll out has seen an estimated […]
In our experience we have found that the devil is in the detail when it comes to successfully engaging customers with a multichannel campaign. Changes or alterations that could easily be viewed as minor can often dramatically improve engagement rates. In the following infographic ‘Boost Your Campaign Engagement’ we examine the details that can […]
by Dr. Grigorios Fragkos, VP Cybersecurity Building a Security Operations Centre (SOC) is undoubtedly the best move you can make towards protecting not only your organisation’s data, systems and services, but also any sensitive information about your clients that you handle or store. This article is a brief overview of the task of building […]
The threat landscape over the last few months has changed considerably, vulnerabilities such as POODLE severely undermined what were considered to be strong cryptographic protocols. Though it’s been less than a year since the last version of the Payment Card Industry Data Security Standard (PCI DSS) was released, the PCI Security Standards Council have […]
by Dr. Grigorios Fragkos, VP Cybersecurity Back in August 2015, Sysnet discussed the complexity of what the term CyberSecurity represents, especially in the context of today’s threat landscape. This complexity is not only constantly increasing but it is also expanding at an exponential rate. The risks involved demand constant attention and very good understanding of […]
By Natasja Bolton, Acquirer Support Manager In our December Ecommerce article we discussed the European Banking Authority’s (EBA) new guidelines for the security of internet payments and the possibility that, with the need to enhance protection of consumers against online payment fraud, presenting Payment Service Provider (PSP) hosted payment pages in iFrames may no longer be acceptable. […]
Increasing and maintaining PCI DSS compliance can be a challenge, many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit, understanding when to implement which channel and at what stage […]
By Natasja Bolton, Acquirer Support Manager It’s suspected that several of the large retail chains that suffered major data breaches in the past few years were running 14 year old software Windows XP Embedded SP3, a Windows XP operating system version that is used by retailers of all sizes in their Point-of-Sale (POS) systems, and […]
Over the past number of years the merchant aggregator model has become more and more popular to the point where it might even be considered commonplace. These enterprises that essentially bring together a fragmented marketplace, funnel and process multiple merchant transactions through a single account. Well-known merchant aggregator brands such as Paypal, Checkout by […]
By Natasja Bolton, Acquirer Support Manager Although PCI DSS is a prescriptive set of requirements focussed on payment card data and most cyber-security guides do not go to the same level of detail, being high-level recommendations and advice without specific measures of the achievement of the risk reduction objective, the Cyber Essentials Scheme does cover a […]
by Dr. Grigorios Fragkos, VP Cybersecurity Ransomware, a malware that prevents or in some cases limits users from accessing their data has been on the rise. Last year, 2015 saw a considerable increase with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. […]
According to a recent announcement, Visa will now require 100% of level 4 merchants in the US and Canada to have validated their PCI DSS compliance annually starting January 31st 2017. Whilst it has always been necessary for level 4 merchants to be compliant, these new rules will ensure that a consistent level of card […]
by Dr. Grigorios Fragkos, VP Cybersecurity The Cyber Liability Insurance Cover (CLIC) or otherwise referred to as cyber insurance, is a market that grew significantly in 2015. One of the main factors that significantly contributed to this growth is the constant increase of threats in the cyber space and more specifically the high profile data breaches that […]
by Jason McWhirr, Information Security Consultant One of the most important (and underused) first steps for any business or service provider when undertaking PCI DSS is to understand how cardholder data is used within their organisation, its people, departments, and systems. Without first knowing this, it is impossible to know which parts of their organisation […]
Every engagement with a client provides an opportunity for you to strengthen your relationship with them. By ensuring that each contact makes them feel that they have a strong business partner that they can trust, rely on, and build their business with, you are fueling their loyalty and strengthening your customer relationship. Conversely, each […]
Following significant feedback from the global PCI community and security experts, the PCI Security Standards Council (PCI SSC) has extended the migration completion date for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher) to 30 June 2018. This change gives organisations struggling to move away from […]
By Natasja Bolton, Acquirer Support Manager As we discussed in the Ecommerce SAQ Selection guide, business seeking to minimise their PCI DSS compliance obligations for their ecommerce payment channel often outsource all capture and processing of payment card data to validated PCI DSS compliant payment service providers (PSPs). The most common method of doing […]
There’s no doubt about it, attrition costs and it’s certainly not an easy pill to swallow. In the U.S. acquirers suffer on average attrition rates of 22% and at the high end it can even reach 36%. The cost of attrition to the industry is substantial, in fact some reports have stated that on […]
by Natasja Bolton, Acquirer Support Manager On 7th December 2015 it was announced that the European Parliament, the European Council and the European Commission have agreed on the first EU-wide legislation on cybersecurity: the EU Network and Information Services (NIS) Directive. With the emerging threat of cyber-attacks, it is hoped that the NIS directive will […]
Many factors can impact the effective delivery of a PCI programme for acquirers, processors and ISOs. From how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Download our Best Practice Guide where we take a look at how an omni-channel approach can improve customer […]
by Natasja Bolton, Acquirer Support Manager Business customers engage with all manner of third party service providers to support their business, whether that be IT support providers, data centres, offsite storage providers, hosting providers or payment processors. What is not always understood is that outsourcing a business operation or buying in a service […]
by Natasja Bolton, Acquirer Support Manager Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods. For many merchants […]
by Dr. Grigorios Fragkos, VP Cybersecurity Two new malware files have been identified targeting point-of-sale (POS) terminals called AbaddonPOS and Cherry Picker. The AbaddoPOS malware is delivered by the Angler Exploit Kit or through an infected Microsoft Office document. The malware targets the memory of all processes running on the infected system (excluding its own […]
by Jason McWhirr, IS Consultant Not surprisingly, most retailers are focussed on their customers and sales, using the tools that best facilitate that, not on security systems to protect cardholder data – despite the hazards that a data breach could present. Sysnet’s contact centre and acquirer support teams help retail merchants with their annual […]
With the EMV transition deadline of October 1st having passed, many small business have still not upgraded their terminals to the new standard and many are not aware of the financial and legal liabilities that they are now responsible for. In fact many small business are feeling overwhelmed, according to a recent article on Paymenteye.com. […]
Last week we posted about the recent ruling by the European Court of Justice that deemed the Safe Harbour framework, in place to protect the security of European citizens’ data held in the US, invalid. Amid the current environment of mass surveillance, brought to light by the revelations of Edward Snowden, MEPs supported by […]
Safe Harbour agreement ruled invalid – Part 1 On Tuesday 6 October, the European Court of Justice ruled that the safe harbour agreement designed to ensure the security of EU citizens’ data was invalid. This is a judgement with far reaching consequences for businesses on both sides of the Atlantic. The Safe Harbour agreement […]
With the EMV deadline of October 1st 2015 here and gone a reported 85% of merchants not being aware of the financial and legal liabilities they’ll be responsible for, we look at what impact it will have on merchants. In the infographic “Bye, bye magnetic-stripe, hello microchips” we examine the key impacts the EMV […]
By Patrick Condren, Ph.D., Chief Information Officer To even ask the question “Is Big Data a Goldmine or a Money Pit?” is almost heresy in business and in particular in IT, these days. However, it is a fair question given the enthusiastic headlong ‘gold’ rush by so many companies to ‘get into big data before […]
With 85% of merchant businesses unaware of the financial and legal liabilities they’ll be responsible for starting at the beginning of October, we take a look at the key impacts that will affect these businesses. “Download our whitepaper: Taking-Care-of-Business-in-the-U.S. where we examine what the impact the EMV roll out will have on merchants and list potential […]
by Dr. Grigorios Fragkos, VP Cybersecurity Many articles have been written about cybersecurity, most have focused on the broad meaning of the term and in some cases have treated cybersecurity as an off-the-shelf product. The truth is that cybersecurity is more complicated than that. In this article, we will discuss some of the reasons […]
by Paul Prior, SVP Client Engagement VISA Inc, in a bulletin issued the middle of last year outlined enhancements to their PCI DSS Enforcement Plan for merchants and service providers. The plan defined a structure of escalating consequences for entities either with expired PCI DSS Compliance or those who have never demonstrated PCI DSS […]
by Jason McWhirr, Acquirer Support Consultant Back in June, the PCI Security Standards Council (PCI SSC) release version 2.0 of the Point to Point Encryption (P2PE) standard. What is P2PE? A P2PE system in a retail environment is designed to securely encrypt cardholder data from a merchant’s POI (Point of Interaction) device or POS […]
by Dr. Grigorios Fragkos, VP CyberSecurity It is strongly suggested you verify that the Web Browsers you are using have been updated to the latest version and if you have Adobe Flash Player installed in your system, make sure you have downloaded the latest version from the official URL: https://get.adobe.com/flashplayer/. In order to […]
by Dr. Grigorios Fragkos, VP CyberSecurity Even though the malware Dyre that was used in the phishing campaign against UK High Street Banks first appeared last year, there has been a recent surge in its spread. It has been reported that spam servers were used to send 19K emails to UK customers of RBS, Barclays, […]
On June 11th 2015, an updated version of OpenSSL was released. However, it was disclosed yesterday that it contained a serious certificate validation error. Luckily, the vulnerability was discovered quickly enough (two weeks ago) and once it was made public, a patch was also made available. To read more on the Open SSL Vulnerability please […]
by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division In part 1 last week, I discussed how businesses may be putting themselves at risk by assuming that ‘PCI DSS compliant’ also meant secure, (for part 1 please click here). Maybe what we should be doing is encouraging businesses to focus less on compliance as […]
by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division Ecommerce merchants are encouraged to reduce the risk of payment card data compromises in their online trading by outsourcing the acceptance and processing of cardholder data to validated PCI DSS compliant service providers. The simplest and cheapest option for small ecommerce merchants is to […]
