News

Sysnet provides qualified assessment of Ecentric Payment Systems’ Decryption Environment component against P2PE V2

Another Global First

December 13th, 2016, Dublin – Ireland, Cape Town – South Africa. Sysnet Global Solutions today announced that it is the first organisation, globally, to provide qualified assessment for a P2PE version 2 Decryption Management Service. Ecentric Payment Systems, one of South Africa’s preferred payment processors, has been listed as a decryption […]

Blog, Fact Sheets, Uncategorized, Whitepapers

Data breach: Prepare your Business

The PCI DSS v3.2 Self-Assessment Questionnaires require that all merchants have an Incident Response Plan, regardless of their size, volume of transactions or the extent to which they have outsourced the handling of payment card data. This is to make sure they can respond effectively in the event of a breach that could impact payment […]

Blog, Uncategorized

Demystifying existing non-listed P2PE Solutions

By Leon van Aswegen, Senior Consulting Manager

In the last two years, the PCI P2PE Standard has gained in popularity amongst Acquirers, Solution Providers, Merchants and their assessing QSAs. This is because PCI P2PE Solutions provide independently assured protection for account data from the point of capture, reducing where and how PCI DSS […]

Blog, Videos

Cyber security threats – Keeping your customers safe with proactive data security services

In a previous article, Sysnet’s Paul Prior mentioned how he believed that a change was necessary in the industry: a move away from using non-compliance fees as a mechanism to drive engagement and compliance. He highlighted that most of Sysnet’s clients are evangelising the importance of PCI DSS, however not […]

Articles, Blog, Uncategorized

In light of the upcoming US presidential election

By Paul Prior, Senior Vice President Client Engagement

In light of the upcoming US presidential election, it occurred to me that it would be fun (and worthwhile) to reflect on a previous campaign message from a different Clinton in the context of our business. In 1992, James Carville was the campaign strategist for Bill Clinton who […]

Blog, Uncategorized

Non-compliance fees; considering alternative approaches

Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be […]

Blog, Uncategorized

SHA-1 – the PCI Council’s views revealed

By Natasja Bolton, Senior Acquirer Support QSA

Back in June, Sysnet reported on SHA-1 based certificates and why support was ceasing. In that article we also examined the potential impact on ecommerce businesses. Recently, the PCI Security Standards Council (PCI SSC) has released their own guidance on SHA-1 in the form of a Frequently Asked […]

Uncategorized

Building deeper relationships with your customers

Money can buy many things; relationships, however, are trickier. They involve behavioural traits that can’t always be easily defined and controlled. However, the reality is that customer relationships are a key component of what drives business. Many organisations can get caught up in the detail of their products and services. Neglecting to […]

Who are your customers outsourcing their security to?
Blog, Uncategorized

Are your customers looking to outsource their security and compliance?

Security and compliance is a lot like having to do taxes: it’s a chore. Most businesses understand that it is important to be secure and compliant, but the complexity and time that it can take can indeed be off-putting. In fact, some businesses turn to accountants to look after their compliance with standards such […]

Blog, Uncategorized

Timelines set for EU Directive on Network and Information Security

By Natasja Bolton, Senior Acquirer Support QSA

In our recent data breach article, we discussed the need for businesses to consider both their Payment Card Industry Data Security Standard (PCI DSS) and legal obligations when planning for security incidents and data breach reporting. In this article we discuss the recently published EU directive on Network […]

Blog

Planning for a Data Breach – are businesses ready to meet their legal obligations?

By Natasja Bolton, Senior Acquirer Support QSA

In order to help your merchant businesses with the definition and documentation of their Incident Response Plan, Sysnet has created a template document – Download the Security Incident Response Plan Template.

All merchants self-assessing their Payment Card Industry Data Security Standard (PCI DSS) compliance now need […]

News

Sysnet announces the launch of Sysnet.air 2 incorporating version 3.2 of the PCI DSS ahead of the October 31st deadline.

July 14, 2016. Sysnet Global Solutions are delighted to announce the launch of Sysnet.air 2, our next generation market leading, fully white-labelled compliance management software for the payments industry. Introducing version 3.2 of the PCI DSS ahead of the October 31st deadline, Sysnet Global Solutions are helping our acquiring clients lead the way in adopting […]

Articles, Blog, Uncategorised, Videos

Protecting card reading devices – 6 suggestions for your customers

Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper with or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. In the […]

Articles, Blog, Uncategorised

Sysnet’s Natasja Bolton discusses involvement in Small Merchant Taskforce

We recently reported that Sysnet’s Natasja Bolton, Senior Acquirer Support, had contributed to the development of new payment resources to help small merchants and their banks defend against cybercrime. In this follow-up article we asked Natasja to elaborate further on what her role entailed and how she contributed to the development of this new vital […]

News, Uncategorised

Sysnet contributes to industry initiative – Helping small businesses protect against cybercrime

July 7th, 2016. The Payment Card Industry (PCI) Small Merchant Taskforce was formed by the PCI Security Standards Council (SSC) to address the needs of the small merchant market segment by providing simple guidance on protecting payment card data against theft. As a member of the PCI Small Merchant Taskforce, Natasja Bolton, Senior Acquirer […]

Articles

In conversation with the PCI Security Standards Council – Adopting PCI DSS 3.2, multi-factor authentication

Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016.

By Laura Johnson, Director of Communications, PCI Security Standards Council

Following publication of PCI Data […]

Articles, Blog, Uncategorised

Updated – Prioritised Approach for version 3.2 

By Natasja Bolton, Senior Acquirer Support

The Prioritised Approach for PCI DSS has been updated by the PCI Council to reflect the updated PCI DSS version 3.2. As most of you will know, the Prioritised Approach and its associated Excel Tool offer a risk-based, incremental approach to PCI DSS compliance. It defines six security milestones […]

Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.

One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too?

[…]

Articles, Blog

Why P2PE Solution Validation is not as hard as you may think

Natasja Bolton, Senior Acquirer Support, investigates

We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]

Articles

Unauthorised Wireless Access Points – Steps to ensure that your customers are secure 

By Jason McWhirr, Information Security Consultant

The likelihood that your customers will experience a data breach at some stage is unfortunately now a fact of life. It’s not if it will happen, it’s when will it happen?

In the previous article, Ransomware – Did you update your incident response plan? we discussed how […]

Uncategorised

Your customers find security and compliance complicated, how you can help

We all know that security and compliance can be complicated for businesses. There are so many components for your customers to consider and manage. Businesses, in particular small to medium ones, often just want the pain to be taken away. The bottom line is that over the years when it comes to securely accepting payment […]

Articles, Blog

Keep the compliance jargon to a minimum

“[Unfamiliar acronyms] create false economies. They may save a few words, but they may also frustrate and force the reader to take more time and effort to understand the document.” U.S. Securities and Exchange Commission, Plain English Handbook.

Most sectors have their own industry jargon and acronyms, familiar to those working within the industry […]

Articles, Blog

Merchant Receipts: Are your customers storing more payment card data than they need?

By Natasja Bolton, Senior Acquirer Support

Face to face card payment transactions generate two receipts – the cardholder copy, on which the Primary Account Number (PAN) must be truncated, and the merchant copy which will usually show the full PAN.

Businesses are well aware that they must retain their merchant copy receipts in […]

Articles

Ask a QSA

‘Ask a QSA’ has received a number of queries recently; the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.

Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]

Articles, Blog, Cyber Risk

How PCI DSS builds layers of protection

By Natasja Bolton, Acquirer Support Manager

The primary objectives (or attributes) of security (whether that be ‘information security’ or more recently ‘cyber security’) are encompassed in the CIA triad: Confidentiality, Integrity and Availability, which are defined as:

Confidentiality: ensuring that information is accessible only to those authorised to have access

Integrity: ensuring the accuracy and […]

Articles, Blog, Infographics

Choosing the right communications channel to drive engagement

Increasing and maintaining PCI DSS compliance can be a challenge. Many factors often come into play, from how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Every communication channel has a value and a benefit; understanding when to implement which channel and at what stage […]

Articles

Streamline VIP customer compliance management

Managing your database of customers across all PCI DSS levels can be challenging and may involve multiple spreadsheets, documents and email accounts scattered across your business. Engaging your relationship managed customers and guiding them through their PCI DSS journey can be complicated and challenging to keep track of.

Sysnet’s VIP Manager addresses these issues […]
