Blog, Risk & Assurance

Ecommerce Security and PCI DSS compliance – Encouraging security awareness, Part 2

by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division

In part 1 last week, I discussed how businesses may be putting themselves at risk by assuming that ‘PCI DSS compliant’ also meant secure (for part 1 please click here). Maybe what we should be doing is encouraging businesses to focus less on compliance as […]

Blog, Risk & Assurance

Ecommerce Security and PCI DSS compliance – A broader perspective on security, Part 1

by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division

Ecommerce merchants are encouraged to reduce the risk of payment card data compromises in their online trading by outsourcing the acceptance and processing of cardholder data to validated PCI DSS compliant service providers. The simplest and cheapest option for small ecommerce merchants is to […]

Articles, Blog, Risk & Assurance

Understanding the significance of Operations Security (OPSEC) in a fast evolving threat landscape

by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs

It is not the first time a military term is being used by the Information Security community in order to describe an Information Assurance process. Operations Security (OPSEC) is a military term referring to the protection of different types of unclassified information which could end up […]

Blog, Risk & Assurance

Legacy systems and data could be risking merchant compliance

by Natasja Bolton, Managing Information Security Consultant

At Sysnet we often find that merchants are prepared to make changes to reduce the complexity or risk in how they handle and process cardholder data. They’ll consider new solutions to reduce their assessment scope or minimise their exposure to cardholder data, for example, outsourcing card handling to […]

Blog, Risk & Assurance

The LogJam attack vulnerability – what you need to know

The Logjam attack, a vulnerability that affects a number of major protocols, has been discovered. The bug relates to a weakness within a cryptographic algorithm that is used in most protocols (such as HTTPS, SSH, IPsec, SMTPS, etc.); it is possible for a Man-in-The-Middle (MiTM) attacker to read and modify any data passed over the affected encrypted communication. […]

Blog, Risk & Assurance

Merchant breach protection – minimising the impact in the event of an account data compromise

by Jason McWhirr, Information Security Consultant, Consulting Services

Sysnet’s QSA community has observed that in recent months merchants have become bolder in challenging why compliance with the Payment Card Industry Data Security Standard (PCI DSS) is necessary for their business; challenging what they see as a costly and time-consuming imposition when they believe there is […]

Articles, Blog, Risk & Assurance

EU Data Protection Regulation

by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs

The globalisation of data and the enormous technological developments of the last decade raise a number of new challenges when it comes to data protection and privacy. Current privacy legislation has not yet caught up with the technology boom when it comes to personal data, and […]

Blog, FDUS - Associates, FDUS - Managers, Risk & Assurance, Videos

10 common myths about the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard and its requirements can sometimes be misinterpreted and can seem complex, especially for smaller businesses. In the following video ‘10 common myths about the Payment Card Industry Data Security Standard’ we dispel some of the common myths concerning PCI DSS.

Blog, FDUS - Associates, FDUS - Managers, Risk & Assurance, Videos

What’s the real cost of a data breach?

Research shows that the cost of non-compliance with the PCI DSS can be two and a half times more expensive than protecting your customer’s data. Small merchants are often not safer than larger ones; in fact, they are more likely to be targeted by data thieves due to not investing in the necessary resources. […]

Blog, Risk & Assurance, Whitepapers

What is PCI DSS?

Natasja Bolton, Consulting Manager

Founded in December 2004 by 5 major card brands – Visa, Mastercard, American Express, Discover and JCB. The Payment Card Industry Data Security Standard, or PCI DSS for short, is a compliance standard that defines data security requirements relating to the processing, storage or transmission of cardholder data. In 2006, the card […]