by Michael Hopewell, Managing Information Security Consultant. Introduction Many businesses have heard about Point to Point Encryption (P2PE). Point of Sale vendors, service providers and others often mention its benefits to businesses: P2PE can reduce risk to payment card data by rendering it unreadable, minimise the number of systems and networks in scope for […]
Compliance with the PCI DSS (Payment Card Industry Data Security Standard) is mandatory for all businesses accepting cards for payment. The Standard ensures appropriate security protocols are applied to your payment acceptance environment to protect against fraud. In its simplest form, the process of achieving compliance involves a scoping (or profiling) stage, which determines […]
By David Morris, PCI Compliance Analyst Following on from Natasja Bolton’s article that highlighted the PCI Council June 30th deadline in relation to organisations not using Secure Sockets Layer (SSL) or early Transport Layer Security (TLS) as a security control, David Morris discusses the reasons for the requirement to migrate to a secure version of […]
Cybersecurity becomes even more complicated in the context of today’s threat landscape, which is not only constantly changing, but is also expanding at an increasingly fast rate. This is the most problematic element of Cybersecurity; its evolution is so fast and unpredictable while the nature of the risks involved are constantly changing. Managing security […]
Online commerce has created incredible new opportunities for businesses to market and sell services globally. Many businesses, in particular small to medium ones, often do not consider that they could be targeted by cyber crime. The reality, unfortunately is that small to medium businesses are now very much being targeted by cyber criminals as many are […]
Conducting an outreach campaign can be tricky to get right as well as resource heavy. Responding to market conditions while also proactively engaging your customers through their preferred channels can be difficult to achieve successfully. It can make sense to outsource, however often providers are not specialised or experienced enough in conducting an outreach security and compliance […]
At Sysnet we believe that the industry should take a different direction. Replace the non-compliance fee with compliance and security value-added services. By doing so, it will make compliance and security services easier to consume for businesses. Whiles for organisations, they can achieve their objectives of reducing risk without damaging customer relationships. In the […]
Money can buy many things, however relationships is a trickier one. It involves behavioural traits that can’t always be easily defined and controlled. However the reality is that customer relationships are a key component of what drives business. Many organisations can get caught up in the detail of their products and services. Neglecting to […]
By Natasja Bolton, Senior Acquirer Support QSA On August 8th, 2016 Oracle issued a letter informing their MICROS customers that malicious code had been detected in certain legacy systems and advising on the actions their customers should take. Oracle’s letter and subsequent FAQs did not give details of the root cause of the MICROS […]
Security and compliance is a lot like having to do taxes, it’s a chore. Most businesses understand that it is important to be secure and compliant, but the complexity and time that it can take can indeed be off putting. In fact some businesses turn to accountants to look after their compliance with standards such […]
By Natasja Bolton, Senior Acquirer Support In 2015 use of the 20 year old SSL security protocol for encryption of sensitive data in transmission was deprecated (in PCI DSS v3.1) to encourage ecommerce businesses to migrate to TLS (Transport Layer Security). In 2016, further technology changes are underway that will impact those of your customers […]
We all know that security and compliance can be complicated for businesses. There are so many components for your customers to consider and manage. Businesses, in particular, small to medium ones often just want the pain to be taken away. The bottom line is that over the years when it comes to securely accepting payment […]
by Dr. Grigorios Fragkos, VP Cybersecurity At the beginning of 2016 we warned our readers about the increasing threat of ransomware and provided advice on having an incident response plan that is ready to face this emerging threat. Our article focused on tips related to prevention, response and evading extortion. If you did not have […]
by Dr. Grigorios Fragkos, VP Cybersecurity Building a Security Operations Centre (SOC) is undoubtedly the best move you can make towards protecting not only your organisation’s data, systems and services, but also any sensitive information about your clients that you handle or store. This article is a brief overview of the task of building […]
by Dr. Grigorios Fragkos, VP Cybersecurity Back in August 2015, Sysnet discussed the complexity of what the term CyberSecurity represents, especially in the context of today’s threat landscape. This complexity is not only constantly increasing but it is also expanding at an exponential rate. The risks involved demand constant attention and very good understanding of […]
Just in the the US alone, there are approximately 28 million SMBs many of which struggle with keeping their business safe from cybercriminals, they often lack the knowledge, resources and budget to implement a suitable cybersecurity plan. Given the sheer volume of SMBs within the majority of acquiring portfolios, the security of these customers can have a large […]
Over the past number of years the merchant aggregator model has become more and more popular to the point where it might even be considered commonplace. These enterprises that essentially bring together a fragmented marketplace, funnel and process multiple merchant transactions through a single account. Well-known merchant aggregator brands such as Paypal, Checkout by […]
By Natasja Bolton, Acquirer Support Manager Although PCI DSS is a prescriptive set of requirements focussed on payment card data and most cyber-security guides do not go to the same level of detail, being high-level recommendations and advice without specific measures of the achievement of the risk reduction objective, the Cyber Essentials Scheme does cover a […]
by Dr. Grigorios Fragkos, VP Cybersecurity Ransomware, a malware that prevents or in some cases limits users from accessing their data has been on the rise. Last year, 2015 saw a considerable increase with Crowti (also known as CryptoWall) and FakeBSOD being the two instances that affected more than 850,000 systems between June and November. […]
Following significant feedback from the global PCI community and security experts, the PCI Security Standards Council (PCI SSC) has extended the migration completion date for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher) to 30 June 2018. This change gives organisations struggling to move away from […]
by Dr. Grigorios Fragkos, VP Cybersecurity Online shopping, especially during the holiday period, is a massively important trading platform for many businesses. For online retailers their ability to service high customer demand and ensure the availability of their website throughout this period is crucial to their success. The shopping frenzy has already started, with […]
Global data breach and security threat reports continue to highlight that all organisations both large and small may be subject to cyber attacks. As Forbes pointed out in a recent article, in 2014 “60 percent of all targeted attacks struck small- and medium-sized organizations”. In previous blog entries, we discussed that these smaller organisations […]
by Dr. Grigorios Fragkos, VP Cybersecurity In this article we will see how cybercriminals combine attack tactics in order to infiltrate businesses. All staff in an organisation, including the CEO and the board of directors, need to be not only aware of the emerging threats currently been seen in the wild, but also be cyber-aware […]
Most small businesses know that their customers’ loyalty is key to their success and constantly strive to keep their customers happy and coming back time and time again. However, many don’t realise that failing to secure their customers sensitive payment information, puts not only their customers’ loyalty but also the survival of their business at […]
For many businesses the task of reporting their compliance and maintaining the security of their systems can be challenging. We understand that security and compliance can be complicated. Sysnet simplify it, by taking the work away from businesses with our Proactive Data Security services. For further information click here
Sysnet is a true global market leader in Cyber Security Risk and Assurance, providing a comprehensive range of information security consultancy and assurance services in over 48 countries. Sysnet helps some of the largest global organisations to protect their business. We count brand names such as Walmart, The AA, AXA Insurance, Direct Line Group, Bloomberg, […]
Our award-winning, cyber security and compliance management solution Sysnet.air is an award-winning, cyber security and compliance management solution that helps businesses to improve security, and acquiring organisations to reduce risk. Sysnet.air has been designed to simplify security and compliance for small to medium sized businesses (SMBs) by profiling the business and personalising service offerings […]
by Jason McWhirr, Acquirer Support Consultant Back in June, the PCI Security Standards Council (PCI SSC) release version 2.0 of the Point to Point Encryption (P2PE) standard. What is P2PE? A P2PE system in a retail environment is designed to securely encrypt cardholder data from a merchant’s POI (Point of Interaction) device or POS […]
by Natasja Bolton, Acquirer Support Manager, Risk and Assurance Division Ecommerce merchants are encouraged to reduce the risk of payment card data compromises in their online trading by outsourcing the acceptance and processing of cardholder data to validated PCI DSS compliant service providers. The simplest and cheapest option for small ecommerce merchants is to […]
Logjam attack, a vulnerability that affects a number of major protocols has been discovered. The bug relates to a weakness within a cryptographic algorithm that is used in most protocols (such as HTTPS, SSH, IPsec, SMTPS, etc.) it is possible for a Man-in-The-Middle (MiTM) attacker to read and modify any data passed over the affected encrypted communication. […]
Helping our client’s customers to meet their compliance requirements as quickly and as painlessly as possible are key goals for Sysnet’s white labelled compliance management solution. Just one of the ways we achieve these goals is to provide download-able information a security policy template. This policy template is designed to assist customers with protecting their […]
by Executive Vice President, Strategy, Dr. Branden Williams ETA’s Transaction Trends publication recently featured an article by Darrel Anderson entitled Why PCI Compliance Isn’t Working. In it, he describes one of the problems that we’ve been exploring here over the last month or so—incentive structures for PCI DSS. At the ETA Strategic Leadership Forum, […]
The Payment Card Industry Data Security Standard and its requirements can sometimes be misinterpreted and can seem complex, especially for smaller businesses. In the following video ’10 common myths about the Payment Card Industry Data Security Standard’ we dispel some of the common myths concerning PCI DSS.
If you outsource card payment services remember that you are responsible for the security of the card data that you pass on to third parties. If those third parties are non-compliant with PCI DSS, you should not pass on data to them. Even when they are compliant don’t allow them to affect your ability […]
March 26th 2017. Sysnet Global Solutions, a leading provider of payment card industry compliance services specialising in PCI DSS compliance validation and merchant intelligence solutions, will present and exhibit at the annual SEMAFOR Conference taking place in Warsaw, Poland at the Courtyard Warsaw Airport. Sysnet’s Kris Olejniczak will present on Risk, challenges and problems […]
Passwords can unlock a wealth of information including your finances and your personal history. In business they can give unlimited access to company information and resources that can easily lead to a range of crimes and scams being perpetrated. Don’t be the weakest link – choose your password wisely. Treat your password like your […]
