News

Sysnet Launches Tailored PCI DSS Solution for Payment Facilitators

October 2, 2019, Dublin, Ireland – Atlanta, Georgia – London, United Kingdom – Sysnet Global Solutions has announced the launch of its PCI DSS solution designed to help payment facilitators, their sub-merchants, and their Acquirers increase PCI compliance and reduce risk. The PCI DSS (Payment Card Industry Data Security Standard) is a set of […]

Articles, Blog

What is it that makes a Level 4 Merchant High-risk?

Mastercard has set a deadline for acquiring organisations to manage risk in their Level 4 Merchant portfolio. Mastercard’s updated Site Data Protection (SDP) Program rules expect PCI DSS compliance validation from your high-risk merchants. Mastercard requires all acquirers to have a Level 4 risk management programme in place to meet the updated SDP requirements. […]

Articles, Blog, Cyber Risk

What you need to know about Point to Point Encryption (P2PE)

by Michael Hopewell, Managing Information Security Consultant. Introduction: Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]

Articles, Blog

Maintaining Your Compliance with the PCI DSS – All Year Round

Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud. In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]

Articles, Blog, Uncategorized

New PCI SSC Program for Software-based PIN entry on COTS Solutions

Over the last few months, the PCI SSC has published a set of documents to establish a new program for the specification, testing, evaluation and PCI SSC listing of Software-based PIN entry on Commercial Off The Shelf devices (COTS) Solutions, also known as SPoC. The PCI DSS developed this new PCI Security Standard […]

Uncategorized

Compliance with multiple standards: the short and long term benefits of using our Combined Assessment Model

Compliance with multiple information security related standards and regulations can be challenging for organisations. However, by aligning all standards using our Combined Assessment Model, requirements, cost and complexity can be significantly reduced. In this infographic, we explore the short and long term benefits.    

Blog, Uncategorized

Growth in payment card transactions makes PCI DSS compliance more important than ever

by Natasja Bolton, Senior Acquirer Support QSA. The UK Cards Association’s 2017 report on UK Card Payments, released on 19th June 2017, reported a doubling of debit and credit card purchases in the last 10 years. The volume of card transactions reached 16.4 billion in 2016, an increase of 146% from 2006, even though the […]

Blog, Cyber Risk, Uncategorized

Legacy systems and data – putting businesses compliance at risk?

by Natasja Bolton, Senior Acquirer Support QSA. At the release of the PCI Scoping Guidance back in December 2016, the PCI Council highlighted the fact that “data breach investigation reports continue to find that companies suffering compromises were unaware that cardholder data was present on their compromised systems”. Why is that? Well, often […]

Blog, FDUS - Associates, FDUS - Managers, Videos

Cyber crime – Protecting your business

Online commerce has created incredible new opportunities for businesses to market and sell services globally. Many businesses, in particular small to medium ones, often do not consider that they could be targeted by cyber crime. The reality, unfortunately, is that small to medium businesses are now very much being targeted by cyber criminals as many are […]

Our expertise will make your outreach campaign a success
Blog, Uncategorized

Outreach campaign success

Conducting an outreach campaign can be tricky to get right as well as resource heavy. Responding to market conditions while also proactively engaging your customers through their preferred channels can be difficult to achieve successfully. It can make sense to outsource; however, providers are often not specialised or experienced enough in conducting an outreach security and compliance […]

Blog, Videos

Cyber security threats – Keeping your customers safe with proactive data security services

In a previous article, Sysnet’s Paul Prior mentioned how he believed that a change was necessary in the industry: a move away from using non-compliance fees as a mechanism to drive engagement and compliance. He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not […]

Blog, Uncategorized

Non-compliance fees; considering alternative approaches

Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be […]

Articles, Blog

SHA-1 certificates – what your ecommerce customers need to know

By Natasja Bolton, Senior Acquirer Support. In 2015, use of the 20-year-old SSL security protocol for encryption of sensitive data in transmission was deprecated (in PCI DSS v3.1) to encourage ecommerce businesses to migrate to TLS (Transport Layer Security). In 2016, further technology changes are underway that will impact those of your customers […]

Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too? […]

Articles, Blog

Why P2PE Solution Validation is not as hard as you may think

Natasja Bolton, Senior Acquirer Support, investigates. We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]

Articles

Unauthorised Wireless Access Points – Steps to ensure that your customers are secure 

By Jason McWhirr, Information Security Consultant. The likelihood that your customers will experience a data breach at some stage is unfortunately now a fact of life. It’s not if it will happen, it’s when will it happen? In the previous article, “Ransomware – Did you update your incident response plan?”, we discussed how […]

Articles, Blog, Infographics

Choosing the right communications channel to drive engagement

Increasing and maintaining PCI DSS compliance can be a challenge. Many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit; understanding when to implement which channel and at what stage […]

Articles

Streamline VIP customer compliance management

Managing your database of customers across all PCI DSS levels can be challenging and may involve multiple spreadsheets, documents and email accounts scattered across your business. Engaging your relationship managed customers and guiding them through their PCI DSS journey can be complicated and challenging to keep track of. Sysnet’s VIP Manager addresses these issues […]

Articles, Blog

Can Cyber Essentials help your clients towards PCI DSS compliance?

By Natasja Bolton, Acquirer Support Manager. Although PCI DSS is a prescriptive set of requirements focussed on payment card data and most cyber-security guides do not go to the same level of detail, being high-level recommendations and advice without specific measures of the achievement of the risk reduction objective, the Cyber Essentials Scheme does cover a […]

Articles, Blog

Ransomware – Tips on prevention, response and evading extortion

by Dr. Grigorios Fragkos, VP Cybersecurity. Ransomware, a malware that prevents or in some cases limits users from accessing their data, has been on the rise. Last year, 2015, saw a considerable increase with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. […]

Articles, Blog

Using data to build better relationships with your SMBs

Every engagement with a client provides an opportunity for you to strengthen your relationship with them. By ensuring that each contact makes them feel that they have a strong business partner that they can trust, rely on, and build their business with, you are fueling their loyalty and strengthening your customer relationship. Conversely, each […]

Articles, Blog, Whitepapers

Customer engagement – driving compliance through customer engagement

Many factors can impact the effective delivery of a PCI programme for acquirers, processors and ISOs, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Download our Best Practice Guide where we take a look at how an omni-channel approach can improve customer […]

Articles, Blog

The Requirement for Service Provider PCI DSS Compliance

by Natasja Bolton, Acquirer Support Manager. Business customers engage with all manner of third party service providers to support their business, whether that be IT support providers, data centres, offsite storage providers, hosting providers or payment processors. What is not always understood is that outsourcing a business operation or buying in a service […]

Articles, Blog, Client Resources, Whitepapers

A guide to ecommerce SAQs

by Natasja Bolton, Acquirer Support Manager. Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods. For many merchants […]

Articles, Client Resources

Closing the deal on compliance merchant support service

In our experience, getting merchants compliant is not unlike carrying out a sales campaign: it can sometimes take quite a few calls to successfully engage merchants in the process. Studies show that 80 percent of successful sales require five follow-up calls. Though it seldom takes that many calls to get merchants compliant, sometimes a […]