By PCIGuru

American Express Data Security: https://www209.americanexpress.com/merchant/services/en_US/data-security

Discover Information Security & Compliance (DISC): https://www.discoverglobalnetwork.com/en-us/business-resources/fraud-security/pci-rules-regulations/discover-information-security-compliance

JCB Security Program: https://www.global.jcb/en/products/security/data-security-program/

MasterCard International Site Data Protection (SDP) Program: https://www.mastercard.us/en-us/business/overview/safety-and-security/security-recommendations/site-data-protection-PCI/merchants-need-to-know.html

Visa International


5 Responses to “Links To Card Brand Security Programs”


  1. 1 IDM CISSP
    June 10, 2019 at 1:04 PM

    I have a two-part question on the PCI Forensic Investigator (PFI) Program and requirement. It seems like hiring a forensic investigation firm on retainer proactively is the smart approach for Level 1 merchants, so as to avoid paying through the nose in case a breach does occur and having no time left to negotiate. The question is what if one is already on retainer, but turns out, that firm is NOT a PFI (but still a reputable forensic investigation firm)?

    1. Is hiring a certified PFI a PCI-DSS requirement? It doesn’t seem to be explicitly listed.

    2. Is this common for all level 1 merchants to just accept, hire a PFI on retainer, and move on? Or is the requirement to use a PFI certified/approved Forensics firm negotiable with each card brand? If not negotiable, why doesn’t the PCI council write this requirement into the PCI-DSS or at least improve awareness of this topic so that merchants can hire a PFI certified firm on retainer? All the wording I’ve found on the PCI council website is noncommittal and uses language like “may be required by card brands”.

    • June 17, 2019 at 12:59 PM

      It is the card brands that enforce the use of the PFI. If you already have an examiner on retainer, I would ask your bank to ask the brands to get you a waiver on the PFI. However, be prepared to have them say “No”.

      The reason the requirement is not in the DSS is because not all the brands are in agreement that a PFI is necessary. As far as I am aware, only Visa and MasterCard have such a requirement.

  2. April 18, 2019 at 5:47 PM

    The Asia Pacific Visa link is broken unfortunately. Visa seem to jiggle their pages all the time! But a great resource nonetheless.

  3. 5 Mary
    January 26, 2012 at 1:35 PM

    Great resources…thank you!






Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.
