Articles, Blog, Risk & Assurance

Understanding the significance of Operations Security (OPSEC) in a fast evolving threat landscape

by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs

It is not the first time a military term is being used by the Information Security community in order to describe an Information Assurance process. Operations Security (OPSEC) is a military term referring to the protection of different types of unclassified information which could end up […]

Blog, Risk & Assurance

Legacy systems and data could be risking merchant compliance

by Natasja Bolton, Managing Information Security Consultant

At Sysnet we often find that merchants are prepared to make changes to reduce the complexity or risk in how they handle and process cardholder data. They’ll consider new solutions to reduce their assessment scope or minimise their exposure to cardholder data, for example, outsourcing card handling to […]

Blog, Risk & Assurance

The LogJam attack vulnerability – what you need to know

The Logjam attack, a vulnerability that affects a number of major protocols, has been discovered. The bug relates to a weakness within a cryptographic algorithm that is used in most protocols (such as HTTPS, SSH, IPsec, SMTPS, etc.); it is possible for a Man-in-the-Middle (MitM) attacker to read and modify any data passed over the affected encrypted communication. […]

Articles, Blog, Brochures, Client Resources, Videos

Helping customers understand information security policy requirements

Helping our client’s customers to meet their compliance requirements as quickly and as painlessly as possible are key goals for Sysnet’s white labelled compliance management solution. Just one of the ways we achieve these goals is to provide a downloadable information security policy template. This policy template is designed to assist customers with protecting their […]

Blog

Why operational processes and documentation are an essential part of PCI DSS compliance

by Anne Wood, Managing Information Security Consultant

When we work with clients tackling compliance for the first time, we generally find one of two scenarios. In the first, organisations have a comprehensive suite of documents but lack in operational processes. In the second, we see a reasonable level of operational process but a lack of […]

Blog, Risk & Assurance

Merchant breach protection – minimising the impact in the event of an account data compromise

by Jason McWhirr, Information Security Consultant, Consulting Services

Sysnet’s QSA community has observed that in recent months merchants have become bolder in challenging why compliance with the Payment Card Industry Data Security Standard (PCI DSS) is necessary for their business; challenging what they see as a costly and time-consuming imposition when they believe there is […]

Articles, Blog, Whitepapers

PCI DSS v3.0 compliance: A closer look at Requirement 9.9 – Payment Terminal Protection

Though EMV Chip technology (Chip and PIN) has been effective in decreasing card fraud, criminals are increasingly using new methods to compromise data. From July 1st 2015, requirement 9.9 will be enforced by the Payment Card Industry Security Standards Council (PCI SSC). This requirement will ensure that merchants have controls and countermeasures in place […]

Articles, Blog, Risk & Assurance

EU Data Protection Regulation

by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs

The globalisation of data and the enormous technological developments of the last decade raise a number of new challenges when it comes to data protection and privacy. Current privacy legislation has not yet caught up with the technology boom when it comes to personal data, and […]

Blog

Common PCI DSS challenges and how they are resolved, by Graham O’Brien, Team Manager, North American Customer Support

Many acquiring organisations find it challenging to get their small and medium sized merchants to engage with their PCI DSS compliance programmes. The main reason for this is that the PCI DSS validation process can be quite daunting for business owners who are consumed with the day-to-day running of their business but have not […]

Blog

How to prevent a business from being the next exploited target

by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs

Over the past few years, cyber security has become a high priority task on the agenda of every organisation that wants to: prevent unpleasant security incidents, avoid being breached by sophisticated attacks and Advanced Persistent Threats, detect malicious activity which is specifically designed to evade detection […]

Blog, Client Resources, Videos, Webinars

Webinar – The challenges of managing PCI compliance of large, complex merchants

Managing the PCI compliance of large, complex merchants is a real challenge for acquiring organisations. Working with some of the world’s largest acquirers has given Sysnet a deep insight into how those organisations manage their VIP merchants’ PCI DSS compliance and associated reporting requirements and more importantly, into the common issues they face when managing […]

Blog, Sysnet.air

What the payments industry can learn from the fall of the Roman empire

by Ferdinand Roberts, Global Head of Sales & Strategic Partnerships

Anyone who has ever taken the time to examine the dynamics of markets will notice the cyclical characteristics they exhibit over time. Apart from the economic theory that surrounds this, to me, it suggests something more fundamental. At the heart of many of these cycles […]

Blog, Sysnet.air

Changing a merchant’s perception of their payment processor can help to reduce attrition rates

Payment processing is often viewed as a commodity because in the majority of cases the service characteristics are undifferentiated. The technologies used and the services offered are often quite similar making it relatively easy for a merchant to move from one provider to the next. This can result in a scenario where merchants move from […]

Blog

Incentives In PCI DSS

by Executive Vice President, Strategy, Dr. Branden Williams

ETA’s Transaction Trends publication recently featured an article by Darrel Anderson entitled Why PCI Compliance Isn’t Working. In it, he describes one of the problems that we’ve been exploring here over the last month or so—incentive structures for PCI DSS. At the ETA Strategic Leadership Forum, […]

Blog, FDUS - Associates, FDUS - Managers, Videos

Protecting cardholder data

If your organisation stores card data, you have an obligation under the Payment Card Industry Data Security Standard to protect it. Cardholder data is any information contained on a customer’s payment card. The primary account number or PAN, card security code, cardholder name and expiration date are printed on the front of the card and […]

Blog, FDUS - Associates, FDUS - Managers, Risk & Assurance, Videos

10 common myths about the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard and its requirements can sometimes be misinterpreted and can seem complex, especially for smaller businesses. In the following video ‘10 common myths about the Payment Card Industry Data Security Standard’ we dispel some of the common myths concerning PCI DSS.

Blog, Videos

Building loyalty through positive customer experiences

It’s well known that creating positive customer experiences helps to build brand loyalty, but many acquiring organisations struggle to deliver those positive experiences for all of their customers, all of the time. Implementing a customer engagement programme can help you to deliver those positive experiences on a regular basis. However, quality customer engagement programmes […]

Blog, FDUS - Associates, FDUS - Managers, Risk & Assurance, Videos

What’s the real cost of a data breach?

Research shows that the cost of non-compliance with the PCI DSS can be two and a half times more expensive than protecting your customers’ data. Small merchants are often not safer than larger ones; in fact, they are more likely to be targeted by data thieves due to not investing in the necessary resources. […]

Blog, Sysnet.air

A step-by-step guide for a collaborative PCI compliance programme

While the Payment Card Industry Data Security Standard (PCI DSS) has long been a critical consideration for merchants, many businesses are still failing to make the fulfillment of these requirements a top priority. Whether a merchant is apathetic, deems these regulations too costly or difficult to adhere to, or simply doesn’t know where to […]

Blog, FDUS - Associates, FDUS - Managers, Videos

PCI DSS compliance – Achieving and maintaining it

Businesses that accept payment cards are required to be Payment Card Industry Data Security Standard (PCI DSS) compliant. Compliance is mandatory for any business that accepts payment cards. Even if a business only takes payment over the phone, uses a third party for all payment processing services and doesn’t retain any cardholder data, PCI DSS […]

Blog

Creating a successful Merchant PCI DSS Compliance Management Program

By Paul Prior, Chief Product Officer, Sysnet Global Solutions

The Payment Card Industry Data Security Standard (PCI DSS), while undoubtedly benefitting both merchants and payment card holders, places significant demands on the resources of many acquirers. Most people involved in risk and compliance within the payments industry recognise these benefits; nevertheless, running a merchant PCI […]

Blog

Why merchant aggregation is becoming a popular model

Merchant aggregators, or enterprises that funnel and process multiple merchant transactions through a single account, have gained increasing attention in recent years. Payment’s Journal reported that as merchants deploy mobile-card acceptance, it’s important that these firms can process millions of transactions by linking them to a single account. And with the rise in mobile payments, […]

Blog

How to strengthen merchant relationships and reduce churn

Merchant retention remains a top challenge and major priority for many acquiring organisations, as churn rates can greatly hinder success. In fact, a recent Discover study determined that merchant attrition in the United States is approximately 20 per cent annually, of which 16 per cent switch to an alternate acquirer and 4 per cent go out of business entirely. Moreover, […]

Blog, Client Resources, FDUS - Associates, FDUS - Managers, Videos

Making customer data safe as houses

All businesses that accept payment cards for goods or services, regardless of size, have important obligations that they must be aware of. Credit and debit card information is extremely valuable and businesses must therefore be aware that they are responsible for the security of this data, from the moment they take a card for payment […]

Blog, Risk & Assurance, Whitepapers

What is PCI DSS?

Natasja Bolton, Consulting Manager

Founded in December 2004 by 5 major card brands – Visa, Mastercard, American Express, Discover and JCB – the Payment Card Industry Data Security Standard, or PCI DSS for short, is a compliance standard that defines data security requirements relating to the processing, storage or transmission of cardholder data. In 2006, the card […]