PCI Forensic Investigator (PFI)
Challenge
PCI DSS provides organizations that handle cardholder data with a set of principles and requirements designed to assist them in the creation of a secure network. When a breach occurs, pandemonium will erupt: the source may be difficult to pin down, and any new transactions over the network could be compromised. During the chaos, you will need to act decisively and will likely be required to call in an independent third party to conduct a thorough forensic investigation. Several providers are available, but finding one that will be sensitive to your internal needs, work within your budget and be able to help with remediation will be difficult.
Solution
A breach or network compromise requires immediate action by accredited remediation professionals. As a member of elite PCI Forensics Investigator (PFI) programs, FishNet Security takes immediate action when payment card data breaches occur, investigating the incidents onsite, overseeing remediation procedures and providing final assurance to Visa that compromised systems have been secured and returned to compliance.
Benefits
- Avoids fines and disruptions to your payment card transaction processes
- Through quick action by PFI assessors, minimizes consequences and ensures a return to security and compliance in the event of a breach
- Ensures quality, accuracy and thoroughness of your assessment, with proven methodology
- Provides certified assessors who help ensure the security, integrity and availability of your information assets
- Through trusted partner methodology, ensures that your organization's internal requirements as well as reporting and communications requirements are met
I received notice of a breach. What now?
- Execute your internal Incident Response Program
- Communicate with pertinent entities:
- Select a PFI immediately
FishNet Security PFI contact info:
1.888.732.9407
PFI@fishnetsecurity.com
- Communicate with internal or external counsel
- Collect / acquire all suspect devices
- Work with legal counsel to determine legal CHD notification requirements
- Provide swift response to PFI requests
- Work with PFI to ensure the compromise is contained
- Support PFI in reporting CHD at risk to the cardholder brands
- Remediate any PCI DSS deficiencies or gaps identified by PFI
PCI Forensic Investigative services by FishNet Security's dedicated elite forensics experts are designed to help merchants and service providers respond quickly when they have received notice of a breach. Offering vast PCI experience, our consultants guide clients through the critical steps required to reach containment and to return to business as usual.
PFI services include:
- Guidance in responding quickly and systematically to incidents
- Quick support in facilitating an efficient recovery from security incidents
- Leveraging of information gained during incident handling to provide risk mitigation plans for future events
- Participation as a liaison between the breached entity and cardholder brands
- Identification of deficiencies in PCI DSS compliance, followed by recommendations for remediation
- Assistance in onsite breach containment and extraction of malware
- Participation as a liaison between the breached entity, law enforcement agencies and courts
When a merchant or service provider has been identified by one of the credit card brands as breached, the corresponding entity has only a few days to select a PFI. Selecting the best PFI for your organization can add stress to an already stressful situation.
The choice is simple when you look at FishNet Security's track record:
- Dedicated Incident Management & Response Practice
- Over a decade of Incident Response experience
- Certified by PCI Council to conduct Incident Response engagements and training
- Custom Incident Response solutions incorporating policy & procedure consulting, incident handling, and education
- Dedicated Incident Response Project Management
- Experience working with internal and external counsel
- e-Discovery and litigation support
- Member of USSS National Electronic Crimes Task Force (ECTF)
- Business oriented deliverables
- 100% Security Focused
- Help breached entities leverage PCI DSS requirements to increase security and decrease risk exposure
- Top quality customer service
- Strong communication management
- Remediation advisory services
- Vast knowledge of a variety of Point of Sale (POS) applications
- Vast knowledge of common and complex attack vectors