Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud. In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]
By Judith Clark, QSA Consultant In recent years, numerous security reports have identified an increasing trend for intrusions affecting Point of Sale (POS) environments to have involved insecure remote access from service providers and their networks. As the ENISA points out, criminals are turning to network-based attacks against retailers’ POS infrastructure because attacks requiring physical […]
Businesses that accept payment cards for goods or services are often targeted by criminals who will attempt to tamper or substitute their card reading device. Regular inspection of payment card terminals and PIN entry devices is one of the most effective ways that businesses can ensure that their devices are secure from tampering and substitution. In the […]
Natasja Bolton, Senior Acquirer Support, investigates We previously wrote about the release of PCI P2PE Version 2 and its impact for acquirers and their merchants. In this follow-up article we explore an issue that has come to Sysnet’s attention: that many terminal solution providers and point-of-sale (POS) vendors appear to be actively avoiding P2PE […]
By Natasja Bolton, Acquirer Support Manager It’s suspected that several of the large retail chains that suffered major data breaches in the past few years were running 14 year old software Windows XP Embedded SP3, a Windows XP operating system version that is used by retailers of all sizes in their Point-of-Sale (POS) systems, and […]
Over the past number of years the merchant aggregator model has become more and more popular to the point where it might even be considered commonplace. These enterprises that essentially bring together a fragmented marketplace, funnel and process multiple merchant transactions through a single account. Well-known merchant aggregator brands such as Paypal, Checkout by […]
by Dr. Grigorios Fragkos, VP Cybersecurity Two new malware files have been identified targeting point-of-sale (POS) terminals called AbaddonPOS and Cherry Picker. The AbaddoPOS malware is delivered by the Angler Exploit Kit or through an infected Microsoft Office document. The malware targets the memory of all processes running on the infected system (excluding its own […]
by Jason McWhirr, IS Consultant Not surprisingly, most retailers are focussed on their customers and sales, using the tools that best facilitate that, not on security systems to protect cardholder data – despite the hazards that a data breach could present. Sysnet’s contact centre and acquirer support teams help retail merchants with their annual […]
by Jason McWhirr, Acquirer Support Consultant Back in June, the PCI Security Standards Council (PCI SSC) release version 2.0 of the Point to Point Encryption (P2PE) standard. What is P2PE? A P2PE system in a retail environment is designed to securely encrypt cardholder data from a merchant’s POI (Point of Interaction) device or POS […]
Though EMV Chip technology (chip and pin) has been effective in decreasing card fraud, criminals are increasingly using new methods to compromise data. From July 1st 2015, requirement 9.9 will be enforced by the Payment Card Industry Security Standards Council (PCI SSC). This requirement will ensure that merchants have controls and countermeasures in place […]
by Paul Prior, Chief Product Officer Despite the fact that the PCI DSS has been around for more than a decade now and that version 3.0 has recently been published, there remains some confusion about what makes a merchant compliant. This is particularly evident in the Level 4 space, largely resulting from a general deficit […]
SpotSkim is the industry’s only visual point-of-sale monitoring solution. It allows merchants to inventory, examine, and verify that their terminals and point-of-sale systems have not been modified or tampered with. SpotSkim simplifies and automates the inspection process with familiar, user-friendly smart phone technology, making it easy for merchants to quickly perform this essential security activity and get […]
