What you need to know about Point to Point Encryption
Articles, Blog, Cyber Risk

What you need to know about Point to Point Encryption (P2PE)

by Michael Hopewell, Managing Information Security Consultant.   Introduction Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]

0 Shares
Identity theft – why criminals want more than just payment data
Blog, Cyber Risk, Uncategorized

Identity theft – why criminals want more than just payment data

Increasingly, over the last few years, criminals are specifically looking to gain access to consumers’ identity data and not just their payment data. The main reason for this is that with consumer identity data there are few limits to the fraudulent purposes the data can be used for, which makes it much more desirable.   […]

0 Shares
Legacy systems and data – putting businesses compliance at risk?
Blog, Cyber Risk, Uncategorized

Legacy systems and data – putting businesses compliance at risk?

by Natasja Bolton, Senior Acquirer Support QSA   At the release of the PCI Scoping Guidance back in December 2016, the PCI Council highlighted the fact that “data breach investigation reports continue to find that companies suffering compromises were unaware that cardholder data was present on their compromised systems”.   Why is that?  Well, often […]

0 Shares
Ransomware – Steps that organisations and businesses need to take
Blog, Cyber Risk, Uncategorized

Ransomware – Steps that organisations and businesses need to take

The recent global ransomware attack, referred to as ‘WannaCry’, that resulted in over 45,000 attacks and infected major companies, hospitals and other government institutions, unfortunately caught many off guard.   WannaCry targeted computers running Windows operating systems that had not been updated with a security update released by Microsoft in March 2017, as well as […]

0 Shares
Hospitality Sector Under fire: Security incident targeting Sabre’s SynXis hotel reservation system 
Cyber Risk, Uncategorized

Hospitality Sector Under fire: Security incident targeting Sabre’s SynXis hotel reservation system 

By Peter Burgess, PCI-QSA, CISSP, CISM (Ret), CIPT US based travel industry company Sabre Hospitality Solutions, which provides SaaS (Software as a Service) to more than 36,000 properties, has alerted hotels that a hacker has apparently breached its SynXis Central Reservations application SynXis Enterprise Platform and may have stolen payment card data and customer personal […]

0 Shares
How PCI DSS builds layers of protection
Articles, Blog, Cyber Risk

How PCI DSS builds layers of protection

By Natasja Bolton, Acquirer Support Manager The primary objectives (or attributes) of security (whether that be ‘information security’ or more recently ‘cyber security’) are encompassed in the CIA triad: Confidentiality, Integrity and Availability which are defined as: Confidentiality: ensuring that information is accessible only to those authorised to have access Integrity: ensuring the accuracy and […]

0 Shares