PFI FAQs

1. What is PFI?
PFI (PCI Forensic Investigator) is a new list of data forensic firms appointed by the PCI Council. Only forensic reports from these companies will be accepted by the card brands when a data forensic investigation is undertaken.

2. What does PFI replace?
PFI replaces the old scheme that was managed by the individual card brands. The main approved lists were QFI under Visa Europe, QIRA under Visa Inc. and AFI under MasterCard. Instead of the confusion of being on multiple lists, the new PFI list has the advantage that all the major card brands use one list.

3. Is PFI any different from QFI?
From a merchant perspective, little will change. There will still be an investigation by an independent investigator, but the companies carrying out the investigation are evaluated in a different fashion.

4. So what happens if I get notification from my bank that there has been an ADC (Account Data Compromise)?
Call in a PFI as soon as possible. They will advise you to preserve the evidence. Turn off the suspected machine, take out all the cables and arrange for a forensic image to be taken of the suspected machine. When a breach is apparent, the preservation of data will help all parties understand how the breach happened.
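The preservation step above (image the suspected machine and leave it untouched) is only worth something if you can later prove the image was not altered. The following is an added example, not Sysnet's code or part of the original FAQ: it hashes a forensic image, records a chain-of-custody entry, and re-verifies the image against that record; the file names, operator name and sample image bytes are all constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a multi-GB disk image need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_acquisition(image_path, manifest_path, operator, source_device):
    """Append a chain-of-custody entry (hash, size, who, when, from what) for a new image."""
    image_path = Path(image_path)
    entry = {
        "image": image_path.name,
        "size_bytes": image_path.stat().st_size,
        "sha256": sha256_file(image_path),
        "source_device": source_device,
        "operator": operator,
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }
    with open(manifest_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")  # one JSON line per acquisition
    return entry


def verify_image(image_path, manifest_path):
    """Re-hash the image and compare with its recorded hash; returns (ok, recorded, actual)."""
    with open(manifest_path, encoding="utf-8") as fh:
        entries = [json.loads(line) for line in fh]
    recorded = next((e["sha256"] for e in entries if e["image"] == Path(image_path).name), None)
    actual = sha256_file(image_path)
    return recorded is not None and recorded == actual, recorded, actual


def run_demo():
    """Constructed walk-through: acquire, verify, then show that a later change is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        image, manifest = Path(tmp) / "till3.dd", Path(tmp) / "custody.jsonl"
        image.write_bytes(b"\x00" * 4096 + b"CONSTRUCTED SAMPLE, NOT A REAL IMAGE")
        entry = record_acquisition(image, manifest, "hypothetical-operator", "till 3 (hypothetical)")
        ok_before = verify_image(image, manifest)[0]
        with open(image, "r+b") as fh:  # simulate someone touching the image after acquisition
            fh.write(b"\xff")
        ok_after, recorded, actual = verify_image(image, manifest)
        return {"sha256": entry["sha256"], "ok_before": ok_before, "ok_after": ok_after,
                "recorded": recorded, "actual": actual}
```

In practice the manifest is kept separately from the image (and ideally signed or countersigned by a second person) so that whoever handles the image cannot also rewrite its recorded hash.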

5. How do I prevent a breach?
As the doctors say, ‘prevention is better than cure.’ Ensure that there is a clear plan with accountable and definable actions in the event of a breach. The less the evidence is tampered with, the more likely the cause of the breach will be found.

6. If I am PCI DSS compliant, surely this means that I won’t get breached?
PCI DSS is a minimum baseline standard to protect cardholder data and the processing of cardholder data. This does not mean that the risk of being breached is ruled out. Good information security practice and principles are crucial across the whole business, at all times of the year, to ensure that the risk of data loss is kept to a minimum.

7. I use a supplier to process cardholder data and they are PCI DSS compliant, so I don’t need to be PCI DSS compliant, and if the bank tells me there has been a loss of cardholder data, it won’t affect me.
If you are the owner of a Merchant ID and you store, hold and process cardholder data, you are responsible for PCI DSS compliance and also for ensuring that your suppliers are PCI DSS compliant as well.

8. Being SAQ (Self-Assessment Questionnaire) compliant means that we are as secure as companies that have a QSA (Qualified Security Assessor) assessment.
The harsh reality is, ‘no’. Many companies that undertake a SAQ, whether they are a merchant or a third-party supplier, do not have sufficient in-house skills or capability to fully understand the requirements of the PCI DSS or how to prepare for, respond and react to a cardholder data breach. If anything, get some external advice from a QSA or from Sysnet’s Incident Response team to give you an unbiased, vendor-free assessment.

For further information on our PFI Consultancy Services, please contact one of our Sales representatives by calling 0844 562 3147 (UK) +353 (0)1 495 1300 (Rest of the World) or by completing our Online Enquiry Form or Request a Call Back Form.
