Do You Need a PCI PFI Investigation of a Credit Card Breach?
Then you came to the right place. We're fast, fair and affordable.
As one of the few PCI PFI certified firms in the world, we are experts at payment card compliance, IT security and data protection.
We are ready to start immediately, isolate the issue and help return you to compliance.
Why we're the preferred PCI PFI provider
Ready to start within 24 hours
Once an agreement is signed, our team will start the investigation immediately.
Fast, Fair, and Affordable
We understand the pressure and impact these incidents can have. We'll guide you through the process on time and on budget.
Been doing PCI since the standard was born
We are one of the original firms trusted with handling this type of investigation, so you could not be in better hands.
Handled large data breaches across 40+ industry verticals
We leverage our deep knowledge of data regulatory requirements across industries to help clients avoid reputational, legal and regulatory damage in multiple areas.
Built With You in Mind
Expertise
We have performed penetration tests in 35+ industry verticals, giving us unmatched insight and expertise.
Experience
We have performed more than 40,000 assessments during our 25 years in business and achieved a 90 percent client retention rate.
Cost-Effective
We pride ourselves on delivering top quality services at reasonable prices to help our clients operate safely in the credit card ecosystem.
Knowledge
We leverage our deep knowledge of data regulatory requirements across industries to help clients use their PCI assessments to meet other compliance requirements.
Simple. Fast.
We've been doing this a long time. We've simplified our processes to deliver results more quickly than our competition.
Leadership
We are a boutique firm powered by former executives of Fortune 500 companies and Big Four consulting firms. We offer top-shelf consulting for a reasonable price.
Frequently Asked Questions
When Do You Need a PCI PFI Investigation?
Payment card brands will sometimes require an independent investigation by a PCI PFI when a large amount of credit card fraud is tied to a single merchant ID, an indication of a possible breach.
Organizations must act quickly and work with a PCI forensic investigator to determine things such as:
- If a breach has occurred
- When it occurred
- What data was compromised
- The root cause of the attack
- Whether the breach has been contained
- Whether appropriate remediation steps have occurred
- What security improvements need to be made
- What PCI issues need to be addressed
What's involved in the PCI PFI Investigation?
In the simplest of terms, here are 6 key stages to a PCI PFI investigation:
- Determine the Scope
The investigation starts by determining what components of the IT environment are affected.
- Acquire Electronic Data
The investigator acquires and preserves evidence using a formal and documented process that is admissible in a court of law.
- Conduct Preliminary Analysis & Interviews
The investigator conducts forensic analysis and interviews to thoroughly understand the sequence of events that took place before, during and after the incident.
- Prepare Initial Report
No later than 5 business days after beginning the engagement, a preliminary investigation report must be provided to the PCI Council and major credit card brands with initial observations and findings.
- Document Findings
The PFI uses various techniques to independently determine the root cause of the breach, ensure it has been contained, and recommend security improvements to help prevent future attacks. The PFI also tests whether required PCI security controls are in place and operating as intended.
- The Final Report
Using a PCI Security Council report template, the PFI documents the forensic findings and any compliance gaps that caused or contributed to the breach. Before the report is finalized, the PFI meets with the major credit card brands and the impacted entity to present the findings and answer any questions. The goal is to ensure the breach has been contained and steps taken to improve compliance and security controls.
What Our Clients Say About Us
“Their team has demonstrated the ability to address emergencies and provide excellent services within very tight deadlines. They are an excellent group and I cannot recommend them highly enough.”
“I have chosen to work with ERMProtect again and again because they are complete professionals in a crisis, deploying experienced, veteran teams rapidly that get to the bottom of what went wrong quickly.”
“The company is passionate about delivering top-tier pre-breach and data breach services efficiently and at a reasonable rate. Clients get what they pay for and I have received positive feedback from existing clients regarding their experiences with ERMProtect.”
About ERMProtect
ERMProtect helps organizations fight back against cyberthreats with a powerful arsenal of solutions to mitigate legal, regulatory and reputational risk.
We rigorously test the security of IT systems, as if we were hackers ourselves. We ensure compliance with data privacy laws and standards to reduce regulatory risk. We help fix what’s broken and, if trouble comes, deploy powerful forensics.
We even tackle the human side of IT security, by training employees to recognize when they are being targeted through our proprietary ERMProtect e-learning platform.