According to the PCI SSC, the PFI program is designed to “establish and maintain rules and requirements regarding eligibility, selection, and performance of companies that provide forensic investigation services to ensure they meet PCI Security Standards. The PFI program aims to help compromised or partially compromised entities by simplifying and expediting procedures for approving and engaging forensic investigators.”
In addition to being recognized as both a Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) company, 403 Labs also had to demonstrate that it met the requirements of having:
• A dedicated forensic investigation practice within the company
• Employees with the right backgrounds and skills
• Experience performing investigations within the financial industry using proven investigative methodologies & tools
• Relationships with law enforcement to demonstrate the ability to support any resulting criminal investigations
“Our entire staff was very passionate about becoming a PFI company,” said D.J. Vogel, 403 Labs’s Principal. “We have been active in the forensics industry for years, and with our focus on PCI, we felt that the PFI certification was important to expand our service offerings in a manner that would bring value to our clients and partners.”
Currently, 403 Labs is only one of nine companies approved to conduct PCI forensic investigations in the United States, and one of the first approved through the newly-launched PFI program. “The hard work and dedication that allowed us to apply and receive approval in such a timely manner is a direct reflection of the exemplary effort and competency our team demonstrates throughout all of their work,” said Vogel.
Meeting the requirements of an initiative launched earlier this spring by the Payment Card Industry Security Standards Council (PCI SSC), IT security consulting firm 403 Labs has announced the company’s certification as a PCI Forensic Investigator (PFI). 403 Labs was previously certified as a PCI QSA (Qualified Security Assessor) in May of 2007.