Many businesses are often unaware that ensuring their payment terminals are part of a Point-to-Point Encryption (P2PE) Solution can carry considerable benefits when it comes to simplifying their PCI DSS compliance. As we discovered here at Sysnet, the reason why many businesses are not aware of P2PE and its benefits is that they often find […]
Some businesses will spend large amounts of time as well as money on encryption software and firewalls but then neglect the physical security of their business. Physical security is often overlooked and the impact of a physical breach can be the same as a computer breach. One of the most common occurrences during a […]
Sensitive information is data that is required to be protected from being accessed by unauthorised parties. This is done to safeguard the security and the privacy of an individual or organisation. The three main types of sensitive information that exist are: personal information, business information and classified information. Personal Information Personal information is […]
by Natasja Bolton, Senior Acquirer Support QSA The UK Cards Association’s 2017 report on UK Card Payments, released on 19th June 2017, reported a doubling of debit and credit card purchases in the last 10 years. The volume of card transactions reached 16.4 billion in 2016, an increase of 146% from 2006, even though the […]
Biometrics has largely been hailed as the future of consumer identification, authentication, and confirmation of transactions. Though in South Africa, Mastercard has been trialling a chip and PIN bankcard that includes a fingerprint reader, to date the technology has largely not appeared in Point of Sale (POS) devices or in more traditional payment areas. […]
An account data compromise is when cardholder information has been obtained by an unauthorised person who intends to commit fraud. The opportunity can occur when businesses or designated third parties store cardholder data incorrectly in an unencrypted format. Common ways that fraud can occur include theft from the premises of a business, physically or electronically, […]
Increasingly, over the last few years, criminals are specifically looking to gain access to consumers’ identity data and not just their payment data. The main reason for this is that with consumer identity data there are few limits to the fraudulent purposes the data can be used for, which makes it much more desirable. […]
Social engineering, the act of psychologically manipulating a person to divulge confidential information or to carry out actions, is becoming more commonplace. Recently Indian police raided call centres and made arrests over a large-scale scam in which the employees impersonated US Internal Revenue Service and other federal officials, demanding payments […]
by Natasja Bolton, Senior Acquirer Support QSA At the release of the PCI Scoping Guidance back in December 2016, the PCI Council highlighted the fact that “data breach investigation reports continue to find that companies suffering compromises were unaware that cardholder data was present on their compromised systems”. Why is that? Well, often […]
May 17th 2017. Today, Sysnet Global Solutions, a leading provider of cyber security and compliance solutions to the payments industry, announced that it has partnered with Elavon Merchant Services to develop Secured Pro, a managed PCI compliance validation and cyber security service that offers enhanced protection against fraud and payment security breaches. “A new […]
The recent global ransomware attack, referred to as ‘WannaCry’, that resulted in over 45,000 attacks and infected major companies, hospitals and other government institutions, unfortunately caught many off guard. WannaCry targeted computers running Windows operating systems that had not been updated with a security update released by Microsoft in March 2017, as well as […]
By Peter Burgess, PCI-QSA, CISSP, CISM (Ret), CIPT US-based travel industry company Sabre Hospitality Solutions, which provides SaaS (Software as a Service) to more than 36,000 properties, has alerted hotels that a hacker has apparently breached its SynXis Central Reservations application SynXis Enterprise Platform and may have stolen payment card data and customer personal […]
Requirement 11.2.2 of the Payment Card Industry Data Security Standard, otherwise known as the ASV scanning requirement, affects a significant number of businesses. These businesses need to engage an Approved Scanning Vendor (ASV) to run external vulnerability scans quarterly. It can be difficult for these companies to understand what ASV external vulnerability scanning is, […]
By Natasja Bolton, Senior Acquirer Support QSA Mobile Payments, a broad term covering consumer and merchant-initiated mobile payment methods, have been gaining acceptance in the market place; however, have these methods achieved broad acceptance with consumers and businesses alike? In our article ‘State of Pay – have mobile payments reached a turning point?’ we […]
Most businesses have to comply with multiple information security related standards and regulations. In our experience the average is 3. These can include but are not limited to PCI DSS, GDPR, ISO 2700, Sarbanes Oxley, HIPAA, Cyber Essentials, POPI and even audits by clients.
The EU’s General Data Protection Regulation, or GDPR for short, will come into force across all EU Member States from 25th May 2018. GDPR will affect the processing and movement of the personal data of approximately 500 million citizens.
March 29th, 2017, Dublin, Ireland / Cape Town, South Africa. Sysnet Global Solutions, a leading provider of cyber security and compliance solutions, today launched its Combined Assessment Model at the PCI Security Standards Council’s Middle East and Africa Forum in Cape Town, South Africa. Sysnet’s Combined Assessment Model (CAM) is a single assessment model that covers […]
On March 9th 2017, we officially launched our new US Customer Contact Centre in Atlanta, Georgia. Both Commissioner Pat Wilson of the Georgia Department of Economic Development and Gabriel Moynagh, CEO at Sysnet cut the ribbon to officially launch the opening of the new centre. The launch proved to be a great success and was attended […]
End-to-End Encryption (E2EE) and Point-To-Point Encryption (P2PE) are the two main ways that payment card data is protected when a transaction is made at a Point-of-Sale (POS) terminal. Both encryption methods have their pros and cons; however, what those differences are and understanding the impact on a business of choosing one over the other can […]
In May last year, in advance of the introduction of the PCI DSS v3.2 SAQs (Self-Assessment Questionnaires) we created a downloadable fact sheet to explain in detail the impact of the updated Standard on the SAQ types.
In December, Visa published a Security Alert warning of an increasing fraud threat, as the U.S. EMV migration continues, from “criminals placing skimming devices on or in attended and unattended point-of-sale (POS) devices for the purpose of collecting payment card information, including PIN numbers”.
Information Security is complex. Understanding risk and implementing appropriate mitigating controls, be they technical or otherwise, is a challenge for organisations of any size. There is no getting away from that, but witchcraft?
With its expanded content, fully revised diagrams of the e-commerce implementation methods and inclusion of case studies, the 2017 guidance is a useful reference for merchants and service providers alike.
Let us first summarise the applicability and intent of SAQ A. This self-assessment questionnaire is applicable to entities that outsource their e-Commerce payment channel payment processing to a PCI DSS compliant third party.
By Natasja Bolton, Senior Acquirer Support QSA Steps to protect small businesses from this year’s security threats As 2017 rolls out, we continue to explore the security threats and cyber-attacks expected to feature this year. Following on from part 1 which can be read here, in part 2 we examine other risks such […]
Conducting an outreach campaign can be tricky to get right as well as resource heavy. Responding to market conditions while also proactively engaging your customers through their preferred channels can be difficult to achieve successfully. It can make sense to outsource, however often providers are not specialised or experienced enough in conducting an outreach security and compliance […]
By Natasja Bolton, Senior Acquirer Support QSA Steps to protect small businesses from this year’s security threats This week we explore some of the security threats and cyber-attacks expected to feature in 2017. As these risks could impact your small business customers we highlight actions that businesses can take to protect themselves, so […]
Jan 12th, 2017, Dublin, Ireland / Atlanta, Georgia – Gov. Nathan Deal today announced that Sysnet Global Solutions, a leading provider of cyber security and compliance solutions to the payments industry, will create more than 500 jobs and invest $2 million in a U.S. Contact Center in DeKalb County.
With 2017 having only commenced and with many businesses planning for the year ahead, it can be an ideal time to reach out to your customers. The most successful approach is via a multi-channel campaign. If your organisation is planning such a campaign then Sysnet can help. We have the experience and expertise to make […]
By Natasja Bolton, Senior Acquirer Support QSA Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long, organisations, QSAs and ISAs have been seeking further guidance […]
The PCI Council recently published a supplement document entitled ‘Guidance for PCI DSS Scoping and Network Segmentation’. The new guidance document was produced in response to common questions received from industry stakeholders on scoping and segmentation. The methods outlined within the guidance were formed in collaboration with the council’s board of […]
The PCI DSS v3.2 Self-Assessment Questionnaires require that all merchants have an Incident Response Plan, regardless of their size, volume of transactions or the extent to which they have outsourced the handling of payment card data. This is to make sure they can respond effectively in the event of a breach that could impact payment […]
by Leon van Aswegen, Senior Consulting Manager In the last two years, the PCI P2PE Standard has gained in popularity amongst Acquirers, Solution Providers, Merchants and their assessing QSAs. This is because PCI P2PE Solutions provide independently assured protection for account data from the point of capture, reducing where and how PCI DSS […]
Version 2 of the Payment Application Data Security Standard (PA-DSS) was retired on the 28th October 2016. In the article, ‘Updated: Payment Application Data Security Standard (PA-DSS)’, we discussed what the impacts of the latest version of PA-DSS, version 3.2 were. In this follow up article we explore the impact of continued use of […]
With the major holiday season just around the corner, many retail businesses are gearing up for the shopping frenzy to commence. Increasingly customers are turning to online shopping to avoid queues and to bag a bargain. Therefore it is essential that online retailers are prepared to service the high customer demand. Unfortunately for retailers, […]
At Sysnet we believe that the industry should take a different direction: replace the non-compliance fee with compliance and security value-added services. Doing so will make compliance and security services easier to consume for businesses, while organisations can achieve their objectives of reducing risk without damaging customer relationships. In the […]
By Natasja Bolton, Senior Acquirer Support QSA In our previous articles on the progress of the EMV deployment in the U.S. we noted that EMV was expected to drive criminals away from Card Present counterfeit card fraud to Card Not Present (CNP) fraud. CNP fraud has indeed proliferated in the U.S. since the […]
Small to medium businesses can find it a struggle to navigate security and compliance standards such as PCI DSS. Therefore resources that can make the process that little bit easier and less complicated are often received very positively. Helpful assistance This is why we provide a downloadable information security policy template for our […]
By Paul Prior, Senior Vice President Client Engagement In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]
Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be […]