Breach Support (PFI & IFI)
The Payment Card Industry Security Standards Council (PCI SSC) is the worldwide industry body which assumes responsibility for policing universal security standards in the payment card industry. Although it does not have statutory status, its authority and influence make its provisions in many ways more persuasive and effective than any regulation a legislature could devise. Its strict regime of protections and compliance obligations applies all over the world and is designed not only to protect the users of credit and debit cards but also to safeguard the reputation of individual companies and the industry as a whole. Theft of card information is one of the major challenges facing the payment provider industry, and the controls are designed to be exhaustive and robust.
However, when a breach is identified, usually as a result of cardholder reports, a PCI Forensic Investigator (PFI) must be called in to examine all the circumstances of the breach. PFIs are qualified professionals who are assessed and accredited by the PCI SSC. The company identified as the common point of purchase, and therefore the likely source of the breach, will be required to fund the procedure, which can be expensive as well as far-reaching. The findings of the internal forensic investigation (IFI) will be binding, and the company will need to prepare a detailed plan setting out how it intends to implement the recommendations.
The benefits of a breach support service
How a breach support subscription service can save the day
Because a security breach can occur even in the most carefully designed and maintained systems, it is highly advisable to prepare for the worst-case scenario. Unless your business has procedures in place, there will inevitably be a delay between notification of a breach and the start of an investigation and remedial enquiry. You can give your business a degree of damage-limitation insurance by putting in place arrangements that give you immediate access to highly qualified forensic auditors. Whenever a security breach comes to light, an acquiring bank will normally demand a PCI forensic investigation to determine what went wrong and to recommend ways to avoid a repetition. The more quickly a company responds to a breach, the less severe the likely consequences in terms of fines and sanctions.
Gradeon offers a complete incident response service which not only deals with the aftermath of a breach but also provides training and advice on how to prepare for threats to cyber security. Just as the speed of your reaction to a breach counts in your favour when responsibility is apportioned, so too does the thoroughness of your preparation. If you can demonstrate that you have taken all reasonable measures, the findings of the PFI are likely to be less critical of your processes, even while acknowledging that they have failed. Gradeon’s breach support scheme is a subscription service which helps you establish best-practice security measures, gives you immediate access to expert investigators and even provides legal advice on mitigation and compensation for losses suffered by cardholders. It’s easy to be wise in hindsight, but it’s far better to be ready for the worst. It may never happen, but if it does, you will have the tools to recover.