PFI Investigations

IntaForensics® consultants focus on current and impending cyber security risks, advising and supporting clients to ensure they understand the dangers and implications of a successful attack. In a world where your data is a highly sought-after commodity, making sure it is protected must be regarded as a top priority for all organisations.


PCI DSS Forensic Investigations

In today’s technology-driven world, the acceptance of card payments is regarded as a fundamental aspect of any business. The theft of payment card data is a highly lucrative enterprise, with criminals investing considerable time, energy and resources into locating, stealing and illegally utilising payment cards to commit widespread and costly fraud.

Merchants and payment service providers have a duty to maintain cardholder data securely. Failure to do so can result in significant financial penalties if they are a victim of a data compromise or are found to be non-compliant with the PCI DSS standard. Organisations which hold cardholder data are also subject to the authority of the Information Commissioner’s Office (ICO) who can impose substantial fines for breaches of data protection legislation.

The sooner an organisation responds to a potential breach, the lower the likely penalties and sanctions will be. It therefore makes sense to deal with a company which has substantial resources to deploy quickly to identify the causes and methods by which cardholder data has been compromised. Speed of deployment and analysis is vital and can save substantial sums for organisations. Where such breaches have occurred, the merchant or payment service provider identified as the Common Point of Purchase (CPP) will be mandated to conduct a PFI Investigation or an Acquirer-led Independent Investigation. This is to immediately contain, investigate and remediate the incident and eliminate the risk of fraudulent access to cardholder data.

PCI Forensic Investigators (PFIs) are licensed by the PCI Security Standards Council. IntaForensics are a PFI Company and are licensed to conduct investigations throughout Europe.

PFI Forensic Investigation

Who is this Service For?

PFI Investigations are designed for merchants and service providers that have suffered a breach of cardholder data and have been instructed, by their acquiring bank, to undertake an investigation using an approved PFI Vendor. This process is regulated by the PCI Council and the card brands. These are designed for merchants who are level 1 or 2, or who have specifically been requested to have a PFI.

Independent Investigation

Who is this Service For?

Independent Investigations are designed for merchants that have suffered a breach of cardholder data and have been instructed that they must undertake an investigation. This process is managed by your acquiring bank and is designed for merchants who are level 3 or 4.

The PFI Investigation Process

Determine the Scope of the Environment Where the Breach Occurred

A thorough scoping exercise is conducted to establish the full scope of the investigation. This will include the Cardholder Data Environment (CDE) and any connections where payment card data is stored, processed or transmitted.

Collate Evidence, Preliminary Report and Forensic Analysis

Forensic acquisition of relevant evidence and data for investigation. This may be done either on-site or remotely. This data will undergo processing, triage and review.

Containment Strategy and Containment Verification

Advice will be provided regarding containment of the incident and the evidence of successful containment required to assure the major card schemes that identified vulnerabilities have been addressed.

Final Report

A comprehensive final report will be prepared and submitted to all stakeholders, including the affected entity, their acquiring bank and the major card schemes.

As regular customers of IntaForensics, I highly recommend the company for the services delivered by Damian Walton and his team. I couldn’t praise their Cyber Essentials services and support highly enough.

Ryan James, Managing Director - nFocus
