Cybersecurity Insights

Kirsty Trainer

PCI Compliance, SAQ A & the Hacked Website. Does tick box compliance ensure security?

30/03/16 12:47

With the vast majority of online businesses being classified within the small to medium sized category and the huge growth in eCommerce, the Payment Card Industry (PCI) came to the realisation that one of the industry’s greatest exposures lies with the tens of thousands of small to medium sized eCommerce businesses potentially not protecting their client payment data effectively.

Benjamin Hosack

Foregenix certifies the world's first PCI P2PE v2 Application

25/03/16 14:36

Foregenix has certified the world's first PCI P2PE version 2 application for Optomany.

Foregenix is the global leader in assisting and certifying over 40% of the PCI P2PE solutions and over 80% of the PCI P2PE Payment Applications globally.

Working with Optomany, Foregenix assessed all aspects of the axept® application including development practices, encryption key management and the handling of sensitive cardholder and authentication data, resulting in an Attestation of Validation (AOV) from Foregenix and the Payment Card Industry (PCI) Security Standards Council confirming validation with the new internationally-recognised standard.

Richard Jones

The Visa EU Acquirer Mandate - What it means to SME Business

23/03/16 13:24


As a PCI Forensic Investigator (PFI), we have experienced an exponential increase in the number of e-commerce merchants who are succumbing to account data compromises. This new mandate could have serious implications for those businesses and their acquiring banks.

Kirsty Trainer

PCI DSS v3.2: Update scheduled for March/April release

25/02/16 17:31

Recently the PCI Security Standards Council announced an upcoming update to the PCI DSS which will increment the version from 3.1 to 3.2. We knew an update was coming to account for the changes to SSL and early TLS per changes from version 3 to 3.1 and additional guidance provided on mitigating the risk of using these protocols in recent months. Additional changes are also being introduced because, owing to the maturity of the PCI DSS, the update cycle is changing. Rather than have a significant update at the end of this year, we can anticipate a more dynamic standard with rolling updates to reflect the evolving threat landscape. The next version is scheduled to be released in the first half of this year and the Council is aiming for a March/April timeframe.

Richard Jones

Prepare to don the ‘luminous green jacket’ of Cyber Security

08/01/16 15:55

There’s no doubt that each high profile data compromise story seems to garner more attention than the last. The news media thrives on stories that run and run, particularly if they have a whiff of corporate misdoing about them. The problem is that such ‘scandals’ are rarely isolated. It’s more a case of who hits the headlines first and whether or not others can get their act together before they get found out too! The reality is that many are ‘accidents waiting to happen’, a case of pushing one’s luck for as long as one can get away with it. Simply put, taking a risk. After all, isn’t that what running a business is all about?
