PCI Forensic Investigation
The Payment Card Industry (PCI) is committed to eliminating card fraud and data breaches as completely as possible, but no security system will be infallible. With billions of breaches being recorded every year, its work is ongoing, and an important element of it is the development of procedures to discover the causes of breaches, identify vulnerabilities and learn from the evolving criminal methods that exploit those vulnerabilities. If you imagine a security lapse or a hacking incident as a crime scene, you will appreciate the need for the equivalent of a police unit to examine and explain what happened. That is the role of the PCI forensic investigator (PFI).
Where the PFI’s role diverges from the policing model is that the PFI is not concerned with the perpetrators of the attack. Their job is simply to investigate all the circumstances surrounding the breach – how, why and when it happened, and whether it could happen again – and to compile clear, detailed instructions on how to prevent a repetition. A PCI forensic investigator is a specialist who employs validated methodologies and digital tools. PFIs are accredited by the PCI Security Standards Council (PCI SSC) and must be representatives of a Qualified Security Assessor (QSA) organisation which is itself certified by the PCI SSC. A PCI forensic investigation will be demanded by an acquiring bank when a breach is discovered, usually through notifications from cardholders which, taken together, reveal a pattern pointing to the organisation that is the common point of purchase.
Central elements of PCI forensics
Get help from the professionals
The cost of a PCI forensic investigation must be borne by the organisation which has been identified as the source of the breach. In addition to instigating and co-operating with the investigation, the organisation should also take every other possible measure to respond and minimise loss. The faster and more comprehensive the response, the lower any fines are likely to be. The framework of the investigation can be broken down into two constituent parts: the first is the identification of all security issues, including vulnerabilities, errors and omissions; the second is the recommendation of logical, appropriate steps to rectify the failings. At this point, the PCI forensic investigator’s job is finished.
This is where the company’s work begins. Armed with the findings of the investigator, the company must then address the process of fixing the weaknesses in its cyber security. Although it will have been given clear guidance as to what action needs to be taken, the company may not necessarily have the resources or expertise to follow through on its own. That is where Gradeon comes in. We are highly experienced in all issues of compliance, security and the fall-out from PCI forensic investigations. We will examine the findings from the investigation, appraise the solutions suggested and devise the optimal ways to implement them. We will not have had any involvement in the process up to this point but that is not necessary – our skill is in turning recommendations into reality. Ask us about how we can help you recover quickly and smoothly from the regrettable experience of a data breach.