Retained by the PCI to conduct PFI Investigations, SRM has delivered hundreds of investigations in the UK, and we pride ourselves on providing an expert and professional service. Our work satisfies all the requirements of acquiring banks and guides clients towards containment and remediation.
What is a PFI investigation?
A Payment Card Industry (PCI) Forensic Investigation is required by an acquiring bank where a breach has been identified. Breaches of data are normally identified when cardholder reports of fraud are linked through analysis. The cost is met by the organisation that has been identified as a ‘common point of purchase’ for the breach.
What are the challenges?
In today’s technology-driven world, the acceptance of card payments is regarded as a fundamental aspect of any business. The theft of payment card data is a highly lucrative enterprise, with criminals investing considerable time, energy and resources into locating, stealing and illegally utilising payment cards to commit widespread and costly fraud.
A failure to comply with the PCI DSS may lead to a compromise situation with cardholder data being inadvertently or intentionally placed in unauthorised hands and potentially subject to fraud.
The faster an organisation responds to a potential breach, the lower the likely fines and sanctions will be. Where incidents have occurred, the merchant or payment service provider may need to conduct a forensic investigation in order to stem the fraudulent flow of information and to take steps towards regaining PCI compliance.
SRM is one of a handful of companies in the UK retained by the PCI to carry out PFI investigations. On completion of the investigation, SRM would formally document findings and provide a comprehensive ‘Final Incident Report’ that details the following:
- Outline of the investigation undertaken;
- Security issues identified, including all vulnerabilities identified;
- Where possible, logical steps that can be taken to remediate any issues identified.
Do I need a PFI Full or a PFI Lite Investigation?
PFI Lite investigations are a Visa Europe initiative designed for small eCommerce businesses who may have been hacked and lost cardholder data. This is a scaled-down PCI Forensic Investigation designed to provide an investigation and remediation service specifically for smaller eCommerce merchants. The SRM team is extremely experienced in collating information and scoping the type of investigation that is needed.
Retained Forensic & Incident Response (IR)
Ensuring you have access to Forensic Incident Response expertise is a proactive approach your organisation can take to information security.
PCI DSS Compliance
The SRM PCI DSS compliance team includes leading QSAs who use their wealth of experience to help organisations at all levels to understand not only how to comply but also how to reduce costs.
Digital Forensics Services
SRM’s Digital Forensics team has over 60 years’ combined experience in the criminal and civil investigation field, including over 40 years specialising in Digital Forensic analysis.
When choosing a managed eDisclosure service provider, trust and experience are key requirements.
PCI QSA Qualified Security Assessor
SRM is an accredited PA DSS assessor. With a forensic laboratory in the North East, we have the expertise and resource to guide software application companies through the process of certification.
Disaster Recovery Planning
As experienced providers of DR planning services, SRM works with clients to prioritise the survival of the business and the resumption of normal working practices as soon as possible.