New PCI SSC Scoping & Segmentation Guidance: what does it mean?
Blog, Fact Sheets, Uncategorized, Whitepapers

New PCI SSC Scoping & Segmentation Guidance: what does it mean?

By Natasja Bolton, Senior Acquirer Support QSA   Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long organisations, QSAs and ISAs have been seeking further guidance […]

Sysnet provides qualified assessment of Ecentric Payment Systems’ Decryption Environment component against P2PE V2
News

Sysnet provides qualified assessment of Ecentric Payment Systems’ Decryption Environment component against P2PE V2

Another Global First December 13th, 2016, Dublin – Ireland, Cape Town – South Africa   Sysnet Global Solutions today announced that it is the first organisation, globally, to provide qualified assessment for a P2PE version 2 Decryption Management Service. Ecentric Payment Systems, one of South Africa’s preferred payment processors, has been listed as a decryption […]

Data breach: Prepare your Business
Blog, Fact Sheets, Uncategorized, Whitepapers

Data breach: Prepare your Business

The PCI DSS v3.2 Self-Assessment Questionnaires requires that all merchants have an Incident Response Plan, regardless of their size, volume of transactions or the extent to which they have outsourced the handling of payment card data. This is to make sure they can respond effectively in the event of a breach that could impact payment […]

Demystifying existing non-listed P2PE Solutions
Blog, Uncategorized

Demystifying existing non-listed P2PE Solutions

by Leon van Aswegen, Senior Consulting Manager   In the last two years, the PCI P2PE Standard has gained in popularity amongst Acquirers, Solution Providers, Merchants and their assessing QSAs.   This is because PCI P2PE Solutions provide independently assured protection for account data from the point of capture, reducing where and how PCI DSS […]

Blog, Videos

Cyber security threats – Keeping your customers safe with proactive data security services

  In a previous article, written by Sysnet’s Paul Prior, Paul mentioned how he believed that a change was necessary in the industry. A move away from using non-compliance fees as a mechanism to drive engagement and compliance.   He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not […]

Non-compliance fees; considering alternative approaches
Blog, Uncategorized

Non-compliance fees; considering alternative approaches

Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged.   So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be […]

Timelines set for EU Directive on Network and Information Security
Blog, Uncategorized

Timelines set for EU Directive on Network and Information Security

By Natasja Bolton, Senior Acquirer Support QSA In our recent data breach article, we discussed the need for businesses to consider both their Payment Card Industry Data Security Standard (PCI DSS) and legal obligations when planning for security incidents and data breach reporting. In this article we discuss the recently published EU directive on Network […]

planning-data-breach-businesses-ready-meet-legal-obligations
Blog

Planning for a Data Breach – are businesses ready to meet their legal obligations?

By Natasja Bolton, Senior Acquirer Support QSA   In order to help your merchant businesses with the definition and documentation of their Incident Response Plan, Sysnet has created a template document – Download the Security Incident Response Plan Template.   All merchants self-assessing their Payment Card Industry Data Security Standard (PCI DSS) compliance now need […]

News

Sysnet announces the launch of Sysnet.air 2 incorporating version 3.2 of the PCI DSS ahead of the October 31st deadline.

July 14, 2016. Sysnet Global Solutions are delighted to announce the launch of Sysnet.air 2, our next generation market leading, fully white-labelled compliance management software for the payments industry. Introducing version 3.2 of the PCI DSS ahead of the October 31st deadline, Sysnet Global Solutions are helping our acquiring clients lead the way in adopting […]

Articles, Blog, Uncategorised, Videos

Protecting card reading devices – 6 suggestions for your customers

Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. In the […]

Articles, Blog, Uncategorised

Sysnet’s Natasja Bolton discusses involvement in Small Merchant Taskforce

We recently reported that Sysnet’s Natasja Bolton, Senior Acquirer Support had contributed to the development of new payment resources to help small merchants and their banks defend against cybercrime. In this follow-up article we asked Natasja to elaborate further on what her role entailed and how she contributed to the development of this new vital […]

Sysnet contributes to industry initiative - Helping small businesses protect against cybercrime
News, Uncategorised

Sysnet contributes to industry initiative – Helping small businesses protect against cybercrime

July 7th, 2016. The Payment Card Industry (PCI) Small Merchant Taskforce was formed by the PCI Security Standards Council (SSC) to address the needs of the small merchant market segment by providing simple guidance on protecting payment card data against theft.   As a member of the PCI Small Merchant Taskforce. Natasja Bolton, Senior Acquirer […]

Articles

In conversation with the PCI Security Standards Council – Adopting PCI DSS 3.2, multi-factor authentication

Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016.   By Laura Johnson, Director of Communications, PCI Security Standards Council   Following publication of PCI Data […]

Updated - Prioritised Approach for version 3.2 
Articles, Blog, Uncategorised

Updated – Prioritised Approach for version 3.2 

By Natasja Bolton, Senior Acquirer Support   The Prioritised Approach for PCI DSS, has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offers a risk-based, incremental approach to PCI DSS compliance.  It defines six security milestones […]

Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too?   […]

Why P2PE Solution Validation is not as hard as you may think
Articles, Blog

Why P2PE Solution Validation is not as hard as you may think

Natasja Bolton, Senior Acquirer Support, investigates   We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]

Unauthorised Wireless Access Points – Steps to ensure that your customers are secure 
Articles

Unauthorised Wireless Access Points – Steps to ensure that your customers are secure 

By Jason McWhirr, Information Security Consultant   The likelihood that your customers will experience a data breach at some stage is unfortunately now a fact of life. It’s not if it will happen, it’s when will it happen?   In the previous article, Ransomware – Did you update your incident response plan? we discussed how […]

Merchant Receipts: Are your customers storing more payment card data than they need?
Articles, Blog

Merchant Receipts: Are your customers storing more payment card data than they need?

By Natasja Bolton, Senior Acquirer Support   Face to face card payment transactions generate two receipts – the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy which will usually show the full PAN.   Businesses are well aware that they must retain their merchant copy receipts in […]

Ask a QSA
Articles

Ask a QSA

‘Ask a QSA’ has received a number of queries recently, the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]

How PCI DSS builds layers of protection
Articles, Blog, Cyber Risk

How PCI DSS builds layers of protection

By Natasja Bolton, Acquirer Support Manager The primary objectives (or attributes) of security (whether that be ‘information security’ or more recently ‘cyber security’) are encompassed in the CIA triad: Confidentiality, Integrity and Availability which are defined as: Confidentiality: ensuring that information is accessible only to those authorised to have access Integrity: ensuring the accuracy and […]

EMV - The story so far
Articles, Blog

EMV – The story so far

By Natasja Bolton, Acquirer Support Manager Back in late October 2015, we reported how some SMB’s were stating that the “EMV transition is overwhelming”. Fast forward nearly 5 months, the question arising is: how successful has the EMV roll out been so far?   From a consumer perspective, the roll out has seen an estimated […]

Choosing-the-right-communications-channel-to-drive-engagement
Articles, Blog, Infographics

Choosing the right communications channel to drive engagement

Increasing and maintaining PCI DSS compliance can be a challenge, many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit, understanding when to implement which channel and at what stage […]