Managing your database of customers across all PCI DSS levels can be challenging and may involve multiple spreadsheets, documents and email accounts scattered across your business. Engaging your relationship managed customers and guiding them through their PCI DSS journey can be complicated and challenging to keep track of. Sysnet’s VIP Manager addresses these issues […]
Just in the the US alone, there are approximately 28 million SMBs many of which struggle with keeping their business safe from cybercriminals, they often lack the knowledge, resources and budget to implement a suitable cybersecurity plan. Given the sheer volume of SMBs within the majority of acquiring portfolios, the security of these customers can have a large […]
By Natasja Bolton, Acquirer Support Manager It’s suspected that several of the large retail chains that suffered major data breaches in the past few years were running 14 year old software Windows XP Embedded SP3, a Windows XP operating system version that is used by retailers of all sizes in their Point-of-Sale (POS) systems, and […]
By Natasja Bolton, Acquirer Support Manager Although PCI DSS is a prescriptive set of requirements focussed on payment card data and most cyber-security guides do not go to the same level of detail, being high-level recommendations and advice without specific measures of the achievement of the risk reduction objective, the Cyber Essentials Scheme does cover a […]
According to a recent announcement, Visa will now require 100% of level 4 merchants in the US and Canada to have validated their PCI DSS compliance annually starting January 31st 2017. Whilst it has always been necessary for level 4 merchants to be compliant, these new rules will ensure that a consistent level of card […]
by Jason McWhirr, Information Security Consultant One of the most important (and underused) first steps for any business or service provider when undertaking PCI DSS is to understand how cardholder data is used within their organisation, its people, departments, and systems. Without first knowing this, it is impossible to know which parts of their organisation […]
Every engagement with a client provides an opportunity for you to strengthen your relationship with them. By ensuring that each contact makes them feel that they have a strong business partner that they can trust, rely on, and build their business with, you are fueling their loyalty and strengthening your customer relationship. Conversely, each […]
Following significant feedback from the global PCI community and security experts, the PCI Security Standards Council (PCI SSC) has extended the migration completion date for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher) to 30 June 2018. This change gives organisations struggling to move away from […]
By Natasja Bolton, Acquirer Support Manager As we discussed in the Ecommerce SAQ Selection guide, business seeking to minimise their PCI DSS compliance obligations for their ecommerce payment channel often outsource all capture and processing of payment card data to validated PCI DSS compliant payment service providers (PSPs). The most common method of doing […]
Many factors can impact the effective delivery of a PCI programme for acquirers, processors and ISOs. From how customers are engaging with their PCI programme to what channel and communications are compelling them to take action. Download our Best Practice Guide where we take a look at how an omni-channel approach can improve customer […]
by Natasja Bolton, Acquirer Support Manager Business customers engage with all manner of third party service providers to support their business, whether that be IT support providers, data centres, offsite storage providers, hosting providers or payment processors. What is not always understood is that outsourcing a business operation or buying in a service […]
by Natasja Bolton, Acquirer Support Manager Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods. For many merchants […]
In our experience, getting merchants compliant is not unlike carrying out a sales campaign, it can sometimes take quite a few calls to successfully engage merchants in the process. Studies show that 80 Percent of successful sales require five follow-up calls. Though it seldom takes that many calls to get merchants compliant, sometimes a […]
Outsourcing makes sense and is widely practiced by many organisations for all sorts of business processes. However, within the payments industry, one area where outsourcing is not so readily embraced is that of merchant contact services and with good reason. One of the primary disadvantages of outsourcing this service is the lack of customer focus. […]
by Jason McWhirr, IS Consultant Not surprisingly, most retailers are focussed on their customers and sales, using the tools that best facilitate that, not on security systems to protect cardholder data – despite the hazards that a data breach could present. Sysnet’s contact centre and acquirer support teams help retail merchants with their annual […]
We have been listening closely to our clients to understand the challenges they face day to day around their PCI DSS requirements. One of the most common difficulties facing acquiring organisations is around the management of compliance of their account managed merchant customers. Difficulties can range from the collection and collation of data, tracking […]
VIP Manager provides acquiring organisations with a highly efficient, cost effective, online solution for managing the PCI DSS compliance reporting of their VIP merchants. Working with some of the world’s largest acquiring organisations has given Sysnet a deep insight into how those organisations manage their VIP merchants’ PCI DSS compliance and associated reporting requirements […]
by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division Ecommerce merchants are encouraged to reduce the risk of payment card data compromises in their online trading by outsourcing the acceptance and processing of cardholder data to validated PCI DSS compliant service providers. The simplest and cheapest option for small ecommerce merchants is to […]
July 1st, 2015, – Cape Town, South-Africa /Dublin, Ireland – Callpay, a leading telephony card based payments company that boast numerous innovative patent-pending PCI DSS Level 1 compliant payment products, today announced that it has achieved certification with the Payment Card Industry Data Security Standard (PCI DSS) version 3.1. Callpay’s v3.1 certification was completed […]
June 30th, 2015, London, United Kingdom / Dublin, Ireland / Atlanta, Georgia – Sysnet Global Solutions, announced at PCI London today that ComplianceMaker, part of the Sysnet.air® solution, is now certifying to Payment Card Industry Data Security Standard (PCI DSS) v3.1. Sysnet.air is a leading payment card industry, cyber security and compliance solution that […]
by Anne Wood, Quality Service Delivery Manager Since the introduction of PCI DSS, acquirers and card brands have placed increasing pressure on merchants to report compliance with the standard. Compliance in itself is often seen as a check-box exercise, and with self-assessment based reporting for a majority of organisations, there is a risk that this […]
by Paul Prior, SVP Client Engagement Much has been written over the past number of months in the payments industry regarding the adoption of EMV in the US and yet there remains an unfortunate misconception that its introduction means that PCI DSS “goes away”. The reality however is that this is not the case […]
May 26th, 2015, – Dublin, Ireland / Atlanta, Georgia – Sysnet Global Solutions, a leading provider of Payment Card Industry (PCI) compliance management services specialising in PCI DSS and merchant intelligence solutions, announced today that it has appointed Ted Lasch as SVP of Sales, Americas. Ted brings over 25 years’ of experience in the payments […]
The VENOM Vulnerability, a recently discovered critical flaw in the QEMU’s virtual Floppy Disk Controller (FDC) affects numerous virtualisation platforms and appliances such as Xen, KVM, and the native QEMU. As far as we know, to date, it does not impact VMware, Microsoft Hyper-V, and the Bochs hypervisors. The bug’s name is an acronym […]
by Anne Wood, Managing Information Security Consultant When we work with clients tackling compliance for the first time, we generally find one of two scenarios. In the first, organisations have a comprehensive suite of documents but lack in operational processes. In the second, we see a reasonable level of operational process but a lack of […]
By Jeff Montgomery, Principal Information Security Consultant On the 13th of February, the PCI Standards Security Council (SSC) released an official statement confirming the impending release of a new version of the PCI DSS and PA DSS. They also released a follow up statement on the 25th of March. What we know As the […]
by Jason McWhirr, Information Security Consultant, Consulting Services Sysnet’s QSA community has observed that in recent months merchants have become bolder in challenging why compliance with the Payment Card Industry Data Security Standard (PCI DSS) is necessary for their business; challenging what they see as a costly and time-consuming imposition when they believe there is […]
Though EMV Chip technology (chip and pin) has been effective in decreasing card fraud, criminals are increasingly using new methods to compromise data. From July 1st 2015, requirement 9.9 will be enforced by the Payment Card Industry Security Standards Council (PCI SSC). This requirement will ensure that merchants have controls and countermeasures in place […]
Many acquiring organisations find it challenging to get their small and medium sized merchants to engage with their PCI DSS compliance programmes. The main reason for this is that the PCI DSS validation process can be quite daunting for business owners who are consumed with the day-to-day running of their business but have not […]
Managing the PCI compliance of large, complex merchants is a real challenge for acquiring organisations. Working with some of the world’s largest acquirers has given Sysnet a deep insight into how those organisations manage their VIP merchants’ PCI DSS compliance and associated reporting requirements and more importantly, into the common issues they face when managing […]
by Paul Prior, Chief Product Officer Despite the fact that the PCI DSS has been around for more than a decade now and that version 3.0 has recently been published, there remains some confusion about what makes a merchant compliant. This is particularly evident in the Level 4 space, largely resulting from a general deficit […]
by Ferdinand Roberts, Global Head of Sales & Strategic Partnerships Anyone who has ever taken the time to examine the dynamics of markets will notice the cyclical characteristics they exhibit over time. Apart from the economic theory that surrounds this, to me, it suggests something more fundamental. At the heart of many of these cycles […]
Feb 11th, 2015, Dublin, Ireland / Atlanta, Georgia – Sysnet Global Solutions today announced that since January 1st 2015 and following the upgrade of the vast majority of its clients to ComplianceMaker 3.0, almost 40,000 merchants have successfully certified against PCI DSS v3.0. Of these 40,000 merchants almost 7,000 have certified to newly introduced SAQ […]
Payment processing is often viewed as a commodity because in the majority of cases the service characteristics are undifferentiated. The technologies used and the services offered are often quite similar making it relatively easy for a merchant to move from one provider to the next. This can result in a scenario where merchants move from […]
November 18th 2014. Sysnet Global Solutions, a leading provider of payment card industry compliance services specialising in PCI DSS compliance validation and merchant intelligence solutions, will attend the PCI SSC 2014 Asia-Pacific Community Meeting, November 18th – 19th, in Sydney Australia at the Hilton Sydney hotel. Branden Williams will represent Sysnet during the duration of […]
by Executive Vice President, Strategy, Dr. Branden Williams ETA’s Transaction Trends publication recently featured an article by Darrel Anderson entitled Why PCI Compliance Isn’t Working. In it, he describes one of the problems that we’ve been exploring here over the last month or so—incentive structures for PCI DSS. At the ETA Strategic Leadership Forum, […]
If your organisation stores card data, you have an obligation under the Payment Card Industry Data Security Standard to protect it. Cardholder data is any information contained on a customers’ payment card. The primary account number or PAN, card security code, cardholder name and expiration date are printed on the front of the card and […]
The Payment Card Industry Data Security Standard and its requirements can sometimes be misinterpreted and can seem complex, especially for smaller businesses. In the following video ’10 common myths about the Payment Card Industry Data Security Standard’ we dispel some of the common myths concerning PCI DSS.
If you outsource card payment services remember that you are responsible for the security of the card data that you pass on to third parties. If those third parties are non-compliant with PCI DSS, you should not pass on data to them. Even when they are compliant don’t allow them to affect your ability […]
Any event where data falls into the wrong hands is considered an account data compromise, these acts are often carried out by organised crime for financial gain. If you are not PCI DSS compliant the risk of a compromise happening are hugely increased. In the following video ‘Dealing with an account data compromise’ we […]
