‘Do not wait until it’s too late – engage a PFI company now!’ That is the advice given by Jeremy King, International Director, PCI Security Standards Council, in his closing speech at last week’s PCI London event. He’s right, of course. Too many organisations wait until there is a crisis – a potentially crippling breach of their card data security – before they make their first contact with a Payment Card Industry Forensic Investigator (PFI).
It could be compared to a fire. If a sound working partnership has been developed with a fire officer then all reasonable preventative measures will have been taken. The chances of a fire being established and taking hold are minimised. Yet even the most robust preventative strategies cannot eliminate an unforeseen event and no matter how many potential fires are avoided, it only takes one wilful arsonist or one electrical fault to wreak chaos.
Even in the event of such a catastrophe, having a trusted relationship with an expert professional is still hugely beneficial. Here the analogy to a fire becomes a bit shaky, but imagine that a fire is taking hold and there is someone who not only understands how to put the fire out, but also knows where all your valuables are kept and who is particularly vulnerable, and has the capability to deploy the firefighters immediately, thereby reducing its impact. That is what a PFI does when it comes to managing data breaches.
The fact is that breaches can and do occur, even to those with full PCI DSS compliance and strong defences. If a business is identified as the ‘common point of purchase’ for a breach, then a PFI forensic investigation is a regulatory requirement of the Brands. But a trusted and engaged PFI company will already have an intimate knowledge of that company, its systems and key personnel, ensuring that fraudulent activity is stopped and remedial action taken in the shortest possible time frame. This will save time and money, while also protecting the company’s reputation.
It is not all about crises, however. It is important to note that PFI companies have a much wider scope of expertise than simply conducting forensic investigations. They can help to manage and drive all aspects of a company’s online security, providing a holistic approach to the whole range of issues from data storage to Incident Response Planning. Crucially, they will also supply the expertise needed to build a robust defence without compromising the ability of the business to trade.
SRM is one of only 22 companies worldwide accredited by the Payment Card Industry to investigate breaches of credit card data. It has the largest experienced PFI team in Europe which includes a large number of qualified PCI PFIs. Our expertise goes beyond PFI, to include all aspects of information security management and the implementation of PCI DSS.