Cybersecurity Insights

Richard Jones

Richard could be considered a PCI DSS / payment security veteran, having been actively involved in Business Development roles in this field for nearly 9 years. During this time he has worked with merchant customers of all sizes and has latterly been focused on large-scale programs to serve the self-assessment validation requirements of the SMB market. His experience extends to working with leading acquiring banks and payment services providers throughout the EMEA region. Prior to PCI DSS, Richard held positions at a number of Cyber Security start-ups, focusing on biometrics, digital rights management and managed security services. He is also a contributor to The Analogies Project: https://theanalogiesproject.org/

Recent Posts

Richard Jones

Automotive Cyber Security – how cyber-secure is your car?

22/07/15 11:50

Today it’s been published that a car has had its systems hacked into and been forced off the road, with the unfortunate driver ending up in a ditch, reportedly caused by a software vulnerability in the entertainment and navigation system being exploited to allow remote control of key functionality of the vehicle.

Richard Jones

Your business is in the cloud - So don't bury your head in the sand.

16/03/15 11:48

There is little doubt that e-commerce has finally come of age and the hype of the late nineties has in many ways been exceeded. Whilst the predicted death knell of the high street has not materialised, a physical, customer-present only approach to retailing is becoming the exception rather than the rule. What’s more, small businesses now live and die by their reputation.

Richard Jones

Security & 'The Internet of Things'

13/02/15 16:30

Richard Jones, one of our PCI DSS/Payment Security Specialists, gives his thoughts on the landscape of PCI Compliance (and driverless cars!)

It was slightly ironic that the day after my niece passed her driving test, at the 4th attempt I might add, the media was gripped with the excitement of a driverless car being tested out on the streets of Milton Keynes! The fact that it took 4 attempts to pass is testament to the fact that the barriers to entry as far as driving on the streets of the UK are concerned remain fairly high, arguably higher than when I learnt to drive in the 80s.

Whilst cars have become safer and are now equipped with all manner of driving aids (mine parks itself, or so I am led to believe), the process by which one gains their driving licence has remained pretty consistent. Some formal tuition, plenty of practice and a sound understanding of the Highway Code - whether your first vehicle is a Ferrari or a Fiat, the process is the same.

Richard Jones

Help, I may be victim of a data compromise. What to do next?

04/02/15 09:30

There is little doubt that many retailers are visited on a daily basis by ‘customers’ whose intention it is to steal rather than pay for the goods on show. Physical security has evolved to make their criminal intentions that much more difficult to put into practice. CCTV, store detectives, security tags are some of the more obvious controls that help retailers to avoid ‘shrinkage’ as it is known in the trade. I am sure there are other tools and techniques that go unseen, however it is proof if ever it were needed that those with criminal intent are in our midst.

Although far less obvious, the same is true in our interconnected world. Systems are regularly being ‘attacked’, the bad guys are regularly visiting your store; however, as in a physical store, the key is ensuring that they leave empty-handed.

If they leave with sensitive data - in this case credit card numbers - then you have had a data compromise.

Richard Jones

Speeding up a PCI Forensic Investigation

02/02/15 11:30

Rapid Resolution to Suspected Account Data Compromises

Until now, forensic investigations that are initiated as a result of a suspected card data compromise have followed a well-defined, reactive, time-consuming, resource-intensive and costly process. In most instances the merchant at the center of the compromise is ignorant of the fact that they have been breached and that they are sitting on a financial ‘time-bomb’.

In such situations there are no winners other than the fraudsters, who are often able to harvest card data at leisure until they decide to ‘cash out’. Once the fraudsters have monetised their haul, the victim will almost certainly be notified via their acquiring bank that they are a common point of purchase (CPP).

The resulting financial fall-out is bad news for all parties involved; indeed, it is not unusual to see small organisations put out of business by the fees and fines incurred as a result of a cardholder data breach.

Having worked in this field for the last decade, the Foregenix team are shifting the paradigm to a defensive, proactive model that looks to help merchants (retail, hospitality, e-comm) avoid breaches in the first place. What’s more, the same technology can be deployed as part of a forensic investigation to significantly reduce the card compromise exploitation window and the financial impact of the forensic investigation itself.

This two-part blog will look at Serengeti and how it significantly benefits both the acquiring bank and their merchant’s customers.
