PFI Investigations

IntaForensics® consultants focus on current and impending cyber security risks, advising and supporting clients to ensure they understand the dangers and implications of a successful attack. In a world where your data is a highly sought-after commodity, making sure it is protected must be regarded as a top priority for all organisations.


PCI DSS Forensic Investigations

In today’s technology-driven world, the acceptance of card payments is regarded as a fundamental aspect of any business. The theft of payment card data is a highly lucrative enterprise, with criminals investing considerable time, energy and resources into locating, stealing and illegally utilising payment cards to commit widespread and costly fraud.

Merchants and payment service providers have a duty to maintain cardholder data securely. Failure to do so can result in significant financial penalties if they are a victim of a data compromise or are found to be non-compliant with the PCI DSS standard. Organisations which hold cardholder data are also subject to the authority of the Information Commissioner’s Office (ICO), which can impose substantial fines for breaches of data protection legislation.

The sooner an organisation responds to a potential breach, the lower the likely penalties and sanctions will be. It therefore makes sense to deal with a company which has substantial resources to deploy quickly to identify the causes and methods by which cardholder data has been compromised. Speed of deployment and analysis is vital and can save substantial sums for organisations. Where such breaches have occurred, the merchant or payment service provider identified as the Common Point of Purchase (CPP) will be mandated to conduct a PFI Investigation or an Acquirer-led Independent Investigation. This is to immediately contain, investigate and remediate the incident and eliminate the risk of fraudulent access to cardholder data.

PCI Forensic Investigators (PFIs) are licensed by the PCI Security Standards Council. IntaForensics are a PFI Company and licensed to conduct investigations throughout Europe.

The PFI Investigation Process

Determine the Scope of the Environment Where the Breach Occurred

A thorough scoping exercise is conducted to establish the full scope of the investigation. This will include the Cardholder Data Environment (CDE) and any connections where payment card data is stored, processed or transmitted.

Collate Evidence, Preliminary Report and Forensic Analysis

Relevant evidence and data are forensically acquired for investigation. This may be done either onsite or remotely. This data will undergo processing, triage and review.

Containment Strategy and Containment Verification

Advice will be provided regarding containment of the incident and the evidence of successful containment required to assure the major card schemes that identified vulnerabilities have been addressed.

Final Report

A comprehensive final report will be prepared and submitted to all stakeholders, including the affected entity, their acquiring bank and the major card schemes.

PFI Forensic Investigation

Who is this Service For?

PFI Investigations are designed for merchants and service providers that have suffered a breach of cardholder data and have been instructed, by their acquiring bank, to undertake an investigation using an approved PFI Vendor. This process is regulated by the PCI Council and the card brands. These are designed for merchants who are level 1 or 2, or who have specifically been requested to have a PFI.

Independent Investigation

Who is this Service For?

Independent Investigations are designed for merchants that have suffered a breach of cardholder data and have been instructed that they must undertake an investigation. This process is managed by your acquiring bank and is designed for merchants who are level 3 or 4.

As regular customers of IntaForensics, I highly recommend the company for the services delivered by Damian Walton and his team. I couldn’t praise their Cyber Essentials services and support highly enough.

Ryan James, Managing Director - nFocus
