Articles, Blog, Cyber Risk

What you need to know about Point to Point Encryption (P2PE)

by Michael Hopewell, Managing Information Security Consultant.

Introduction: Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]

Articles, Blog

Maintaining Your Compliance with the PCI DSS – All Year Round

Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud.

In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]

Articles, Blog

PCI DSS and the Internet of Things (IoT)

Lots of Internet-connected devices are available on the market, and a popular theme now is devices to create a ‘smart home’, which includes smart door locks, surveillance/security cameras and heating control systems that can be monitored and controlled when you are away from the home.

This ability to remotely connect to and integrate devices […]

Articles, Blog, Uncategorized

New PCI SSC Program for Software-based PIN entry on COTS Solutions

Over the last few months, the PCI SSC has published a set of documents to establish a new program for the specification, testing, evaluation and PCI SSC listing of Software-based PIN entry on Commercial Off The Shelf (COTS) device Solutions, also known as SPoC.

The PCI DSS developed this new PCI Security Standard […]

Uncategorized

Compliance with multiple standards: the short and long term benefits of using our Combined Assessment Model

Compliance with multiple information security related standards and regulations can be challenging for organisations. However, by aligning all standards using our Combined Assessment Model, requirements, cost and complexity can be significantly reduced. In this infographic, we explore the short and long term benefits.    

Blog, Uncategorized

Growth in payment card transactions makes PCI DSS compliance more important than ever

by Natasja Bolton, Senior Acquirer Support QSA

The UK Cards Association’s 2017 report on UK Card Payments, released on 19th June 2017, reported a doubling of debit and credit card purchases in the last 10 years. The volume of card transactions reached 16.4 billion in 2016, an increase of 146% from 2006, even though the […]

Blog, Cyber Risk, Uncategorized

Legacy systems and data – putting businesses compliance at risk?

by Natasja Bolton, Senior Acquirer Support QSA

At the release of the PCI Scoping Guidance back in December 2016, the PCI Council highlighted the fact that “data breach investigation reports continue to find that companies suffering compromises were unaware that cardholder data was present on their compromised systems”.

Why is that? Well, often […]

Blog, FDUS - Associates, FDUS - Managers, Videos

Cyber crime – Protecting your business

Online commerce has created incredible new opportunities for businesses to market and sell services globally. Many businesses, in particular small to medium ones, often do not consider that they could be targeted by cyber crime. The reality, unfortunately, is that small to medium businesses are now very much being targeted by cyber criminals as many are […]

Our expertise will make your outreach campaign a success
Blog, Uncategorized

Outreach campaign success

Conducting an outreach campaign can be tricky to get right as well as resource heavy. Responding to market conditions while also proactively engaging your customers through their preferred channels can be difficult to achieve successfully. It can make sense to outsource; however, providers are often not specialised or experienced enough in conducting an outreach security and compliance […]

Blog, Videos

Cyber security threats – Keeping your customers safe with proactive data security services

In a previous article, Sysnet’s Paul Prior mentioned how he believed that a change was necessary in the industry: a move away from using non-compliance fees as a mechanism to drive engagement and compliance.

He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not […]

Blog, Uncategorized

Non-compliance fees; considering alternative approaches

Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts of acquirers, some merchants continue to remain disengaged.

So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be […]

Uncategorized

Building deeper relationships with your customers

Money can buy many things; relationships, however, are trickier. They involve behavioural traits that can’t always be easily defined and controlled. However, the reality is that customer relationships are a key component of what drives business.

Many organisations can get caught up in the detail of their products and services. Neglecting to […]

Who are your customers outsourcing their security to?
Blog, Uncategorized

Are your customers looking to outsource their security and compliance?

Security and compliance is a lot like having to do taxes: it’s a chore. Most businesses understand that it is important to be secure and compliant, but the complexity and time that it can take can indeed be off-putting. In fact, some businesses turn to accountants to look after their compliance with standards such […]

Articles, Blog

SHA-1 certificates – what your ecommerce customers need to know

By Natasja Bolton, Senior Acquirer Support

In 2015, use of the 20-year-old SSL security protocol for encryption of sensitive data in transmission was deprecated (in PCI DSS v3.1) to encourage ecommerce businesses to migrate to TLS (Transport Layer Security).

In 2016, further technology changes are underway that will impact those of your customers […]

Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA Natasja Bolton stepped up to the challenge.

One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too?

[…]

Articles, Blog

Why P2PE Solution Validation is not as hard as you may think

Natasja Bolton, Senior Acquirer Support, investigates

We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]

Articles

Unauthorised Wireless Access Points – Steps to ensure that your customers are secure 

By Jason McWhirr, Information Security Consultant

The likelihood that your customers will experience a data breach at some stage is unfortunately now a fact of life. It’s not if it will happen, it’s when will it happen?

In the previous article, “Ransomware – Did you update your incident response plan?”, we discussed how […]

Uncategorised

Your customers find security and compliance complicated, how you can help

We all know that security and compliance can be complicated for businesses. There are so many components for your customers to consider and manage. Businesses, in particular small to medium ones, often just want the pain to be taken away. The bottom line is that over the years when it comes to securely accepting payment […]

Articles, Blog

Keep the compliance jargon to a minimum

“[Unfamiliar acronyms] create false economies. They may save a few words, but they may also frustrate and force the reader to take more time and effort to understand the document.” U.S. Securities and Exchange Commission, Plain English Handbook.

Most sectors have their own industry jargon and acronyms, familiar to those working within the industry […]

Articles, Blog, Infographics

Choosing the right communications channel to drive engagement

Increasing and maintaining PCI DSS compliance can be a challenge. Many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit, understanding when to implement which channel and at what stage […]

Articles

Streamline VIP customer compliance management

Managing your database of customers across all PCI DSS levels can be challenging and may involve multiple spreadsheets, documents and email accounts scattered across your business. Engaging your relationship managed customers and guiding them through their PCI DSS journey can be complicated and challenging to keep track of.

Sysnet’s VIP Manager addresses these issues […]

Articles, Blog

Can Cyber Essentials help your clients towards PCI DSS compliance?

By Natasja Bolton, Acquirer Support Manager

Although PCI DSS is a prescriptive set of requirements focussed on payment card data and most cyber-security guides do not go to the same level of detail, being high-level recommendations and advice without specific measures of the achievement of the risk reduction objective, the Cyber Essentials Scheme does cover a […]

Articles, Blog

Ransomware – Tips on prevention, response and evading extortion

by Dr. Grigorios Fragkos, VP Cybersecurity

Ransomware, malware that prevents or, in some cases, limits users from accessing their data, has been on the rise. Last year, 2015, saw a considerable increase, with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. […]

Articles, Blog

Using data to build better relationships with your SMBs

Every engagement with a client provides an opportunity for you to strengthen your relationship with them. By ensuring that each contact makes them feel that they have a strong business partner that they can trust, rely on, and build their business with, you are fueling their loyalty and strengthening your customer relationship.

Conversely, each […]

Articles, Blog, Whitepapers

Customer engagement – driving compliance through customer engagement

Many factors can impact the effective delivery of a PCI programme for acquirers, processors and ISOs, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action.

Download our Best Practice Guide where we take a look at how an omni-channel approach can improve customer […]

Articles, Blog

The Requirement for Service Provider PCI DSS Compliance

by Natasja Bolton, Acquirer Support Manager

Business customers engage with all manner of third party service providers to support their business, whether that be IT support providers, data centres, offsite storage providers, hosting providers or payment processors. What is not always understood is that outsourcing a business operation or buying in a service […]

Articles, Blog, Client Resources, Whitepapers

A guide to ecommerce SAQs

by Natasja Bolton, Acquirer Support Manager

Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods.

For many merchants […]

Articles, Client Resources

Closing the deal on compliance merchant support service

In our experience, getting merchants compliant is not unlike carrying out a sales campaign: it can sometimes take quite a few calls to successfully engage merchants in the process. Studies show that 80 percent of successful sales require five follow-up calls.

Though it seldom takes that many calls to get merchants compliant, sometimes a […]

Articles, Client Resources

Outsourcing Customer Contact Services

Outsourcing makes sense and is widely practiced by many organisations for all sorts of business processes. However, within the payments industry, one area where outsourcing is not so readily embraced is that of merchant contact services, and with good reason. One of the primary disadvantages of outsourcing this service is the lack of customer focus.

[…]

Articles, Client Resources

Security – who cares about small businesses? We do!

Most small businesses know that their customers’ loyalty is key to their success and constantly strive to keep their customers happy and coming back time and time again. However, many don’t realise that failing to secure their customers’ sensitive payment information puts not only their customers’ loyalty but also the survival of their business at […]
