By Natasja Bolton, Senior Acquirer Support QSA Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long organisations, QSAs and ISAs have been seeking further guidance […]
Another Global First December 13th, 2016, Dublin – Ireland, Cape Town – South Africa Sysnet Global Solutions today announced that it is the first organisation, globally, to provide qualified assessment for a P2PE version 2 Decryption Management Service. Ecentric Payment Systems, one of South Africa’s preferred payment processors, has been listed as a decryption […]
The PCI DSS v3.2 Self-Assessment Questionnaires requires that all merchants have an Incident Response Plan, regardless of their size, volume of transactions or the extent to which they have outsourced the handling of payment card data. This is to make sure they can respond effectively in the event of a breach that could impact payment […]
by Leon van Aswegen, Senior Consulting Manager In the last two years, the PCI P2PE Standard has gained in popularity amongst Acquirers, Solution Providers, Merchants and their assessing QSAs. This is because PCI P2PE Solutions provide independently assured protection for account data from the point of capture, reducing where and how PCI DSS […]
The end of October marked the one year anniversary of EMV. As expected there have been a few highs and lows during this time. The transformation has overall been successful with fraud largely dropping and consumer adaptation at a high, however small to medium businesses still have a way to go in relation to getting […]
By Natasja Bolton, Senior Acquirer Support QSA In our previous articles on the progress of the EMV deployment in the U.S. we noted that EMV was expected to drive criminals away from Card Present counterfeit card fraud to Card Not Present (CNP) fraud. CNP fraud has indeed proliferated in the U.S. since the […]
In a previous article, written by Sysnet’s Paul Prior, Paul mentioned how he believed that a change was necessary in the industry. A move away from using non-compliance fees as a mechanism to drive engagement and compliance. He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not […]
By Paul Prior, Senior Vice President Client Engagement In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]
Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be […]
By Natasja Bolton, Senior Acquirer Support QSA Back in June, Sysnet reported on SHA-1 based certificates and why support was ceasing. In that article we also examined the potential impact on ecommerce businesses. Recently, the PCI Security Standards Council (PCI SSC) has released their own guidance on SHA-1 in the form of a Frequently Asked […]
Money can buy many things, however relationships is a trickier one. It involves behavioural traits that can’t always be easily defined and controlled. However the reality is that customer relationships are a key component of what drives business. Many organisations can get caught up in the detail of their products and services. Neglecting to […]
By Jason McWhirr, Information Security Consultant What is the PCI DSS Prioritised Approach? Merchants with more complex payment systems or payment processes that do not fit into the shortened SAQs (A, A-EP, B, B-IP, C & P2PE) are required to complete SAQ D or may require an on-site assessment (for merchants with larger amounts of […]
By Jason McWhirr, Information Security Consultant When it comes to processing cardholder data, many businesses these days will often use more than one method. Whether they are using a point of sale (POS) device or taking online payments one thing is clear, all payment card data must be protected by implementing the security controls in […]
Security and compliance is a lot like having to do taxes, it’s a chore. Most businesses understand that it is important to be secure and compliant, but the complexity and time that it can take can indeed be off putting. In fact some businesses turn to accountants to look after their compliance with standards such […]
By Natasja Bolton, Senior Acquirer Support QSA In our recent data breach article, we discussed the need for businesses to consider both their Payment Card Industry Data Security Standard (PCI DSS) and legal obligations when planning for security incidents and data breach reporting. In this article we discuss the recently published EU directive on Network […]
By Natasja Bolton, Senior Acquirer Support QSA In order to help your merchant businesses with the definition and documentation of their Incident Response Plan, Sysnet has created a template document – Download the Security Incident Response Plan Template. All merchants self-assessing their Payment Card Industry Data Security Standard (PCI DSS) compliance now need […]
July 14, 2016. Sysnet Global Solutions are delighted to announce the launch of Sysnet.air 2, our next generation market leading, fully white-labelled compliance management software for the payments industry. Introducing version 3.2 of the PCI DSS ahead of the October 31st deadline, Sysnet Global Solutions are helping our acquiring clients lead the way in adopting […]
Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. In the […]
We recently reported that Sysnet’s Natasja Bolton, Senior Acquirer Support had contributed to the development of new payment resources to help small merchants and their banks defend against cybercrime. In this follow-up article we asked Natasja to elaborate further on what her role entailed and how she contributed to the development of this new vital […]
By Natasja Bolton, Senior Acquirer Support The EMV roll out across the U.S was never going to be an easy task; with so many organisations and businesses affected by the change it was bound to be challenging. However, impressive progress has been made: since December 2015, 766,000 merchant locations have been chip-enabled in the U.S, […]
July 7th, 2016. The Payment Card Industry (PCI) Small Merchant Taskforce was formed by the PCI Security Standards Council (SSC) to address the needs of the small merchant market segment by providing simple guidance on protecting payment card data against theft. As a member of the PCI Small Merchant Taskforce. Natasja Bolton, Senior Acquirer […]
By Jason McWhirr, Information Security Consultant It will come as no surprise that the Report on Compliance (RoC) template has also been updated as part of the roll out of Payment Card Industry Data Security Standard (PCI DSS) version 3.2. For those not so familiar with the template, it applies to all level 1 […]
Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016. By Laura Johnson, Director of Communications, PCI Security Standards Council Following publication of PCI Data […]
By Natasja Bolton, Senior Acquirer Support The Prioritised Approach for PCI DSS, has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offers a risk-based, incremental approach to PCI DSS compliance. It defines six security milestones […]
‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too? […]
The updated 3.2 Payment Application Data Security Standard (PA-DSS) is scheduled to be released tomorrow, June 1st, 2016 by the PCI Council. In this article we examine what the main impacts of the update are. The new version of PA-DSS comes into effect from 1st June 2016 and version 3.1 is retired on 31st […]
Natasja Bolton, Senior Acquirer Support, investigates We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]
By Jason McWhirr, Information Security Consultant The likelihood that your customers will experience a data breach at some stage is unfortunately now a fact of life. It’s not if it will happen, it’s when will it happen? In the previous article, Ransomware – Did you update your incident response plan? we discussed how […]
In a previous article we provided a quick guide to PCI DSS v3.2 to assist you with navigating the updated standard, if you haven’t read it yet we encourage you to do so. In this follow-up article, we examine what are the impacts that v3.2 brings to the various SAQ types. The impact on […]
We all know that security and compliance can be complicated for businesses. There are so many components for your customers to consider and manage. Businesses, in particular, small to medium ones often just want the pain to be taken away. The bottom line is that over the years when it comes to securely accepting payment […]
By Natasja Bolton, Senior Acquirer Support In order to assist you with navigating the updated standard we’ve prepared the following easy to reference Guide to PCI DSS v3.2. For a more in-depth review of PCI V3.2 we recommend reading the article PCI DSS v3.2 – What’s changed. Guide to PCI DSS v3.2 Key Dates […]
By Natasja Bolton, Senior Acquirer Support On the 28th April 2016, the PCI SSC published the latest version of the PCI Data Security Standard: the PCI DSS v3.2. We previously wrote about the changes that the council had planned for v3.2, in this follow-up article we examine the changes that have been included in the […]
“[Unfamiliar acronyms] create false economies. They may save a few words, but they may also frustrate and force the reader to take more time and effort to understand the document.” U.S. Securities and Exchange Commission, Plain English Handbook. Most sectors have their own industry jargon and acronyms, familiar to those working within the industry […]
By Natasja Bolton, Senior Acquirer Support Face to face card payment transactions generate two receipts – the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy which will usually show the full PAN. Businesses are well aware that they must retain their merchant copy receipts in […]
In a previous article entitled ‘Solving the tribal knowledge problem’ we discussed the challenge that many organisations have where a customer is being managed by a small team or an individual and the sharing of knowledge to other team members does not happen outside of that circle. In the following article we examine how PCI […]
The updated PCI DSS version 3.2 is scheduled to be released at the end of April, in our previous post entitled ‘Council announce PCI DSS V3.2 update’ we looked at what was potentially making an appearance in the update. In this follow-up article, we examine the planned features to the new update that were presented by […]
‘Ask a QSA’ has received a number of queries recently, the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]
By Natasja Bolton, Acquirer Support Manager The primary objectives (or attributes) of security (whether that be ‘information security’ or more recently ‘cyber security’) are encompassed in the CIA triad: Confidentiality, Integrity and Availability which are defined as: Confidentiality: ensuring that information is accessible only to those authorised to have access Integrity: ensuring the accuracy and […]
By Natasja Bolton, Acquirer Support Manager Back in late October 2015, we reported how some SMB’s were stating that the “EMV transition is overwhelming”. Fast forward nearly 5 months, the question arising is: how successful has the EMV roll out been so far? From a consumer perspective, the roll out has seen an estimated […]
Increasing and maintaining PCI DSS compliance can be a challenge, many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit, understanding when to implement which channel and at what stage […]
