PCI SSC is the global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), the PIN transaction security requirements and the payment application data security standard.
According to SRM, it is one of the one of the first five companies to be awarded the accreditation in the world.
Bob Russo, the PCI SSC's general manager, said that with the PCI PFI programme, the council is seeking to make it easier for those requiring forensic investigative services to meet industry requirements and address security vulnerabilities within their organisations as quickly as possible.
SRM says that, in the event that cardholder data is compromised, the merchant, service provider, financial institution or other entity responsible for the data may be required by payment card brands to engage a forensic investigator to determine how and where the payment card data was obtained by unauthorised third parties.
Prior to the PFI programme, SRM adds that requirements regarding eligibility, selection and performance of forensic investigators have been determined and maintained separately by each payment card brand, making the process complex for affected parties, especially where multiple acquirers, issuers and/or payment card brands were involved.
"We have been involved in PCI DSS since the creation of the Security Council. Having achieved both PCI QSS and PCI PA-QSA accreditation. We are delighted to be able to provide investigation and forensic support to the payment card brands", said Stephen Brown, CEO with Security Risk Management.
Brown went on to say that, under the PFI program affected organisations can work with one approved forensic investigator to produce a single report that will be accepted by all payment card brands.