By PCIGuru

American Express Data Security: https://www209.americanexpress.com/merchant/services/en_US/data-security

Discover Information Security & Compliance (DISC): https://www.discoverglobalnetwork.com/en-us/business-resources/fraud-security/pci-rules-regulations/discover-information-security-compliance

JCB Security Program: https://www.global.jcb/en/products/security/data-security-program/

MasterCard International Site Data Protection (SDP) Program: https://www.mastercard.us/en-us/merchants/safety-security/security-recommendations/site-data-protection-PCI.html

Visa International


5 Responses to “Links To Card Brand Security Programs”


  1. 1 IDM CISSP
    June 10, 2019 at 1:04 PM

    I have a two-part question on the PCI Forensic Investigator (PFI) Program and requirement. It seems like hiring a forensic investigation firm on retainer proactively is the smart approach for Level 1 merchants, so as to avoid paying through the nose in case a breach does occur and having no time left to negotiate. The question is what if one is already on retainer, but turns out, that firm is NOT a PFI (but still a reputable forensic investigation firm)?

    1. Is hiring a certified PFI a PCI-DSS requirement? It doesn’t seem to be explicitly listed.

    2. Is this common for all level 1 merchants to just accept, hire a PFI on retainer, and move on? Or is the requirement to use a PFI certified/approved Forensics firm negotiable with each card brand? If not negotiable, why doesn’t the PCI council write this requirement into the PCI-DSS or at least improve awareness of this topic so that merchants can hire a PFI certified firm on retainer? All the wording I’ve found on the PCI council website is noncommittal and uses language like “may be required by card brands”

    • June 17, 2019 at 12:59 PM

      It is the card brands that enforce the use of the PFI. If you already have an examiner on retainer, I would ask your bank to ask the brands to get you a waiver on the PFI. However, be prepared to have them say “No”.

      The reason the requirement is not in the DSS is because not all the brands are in agreement that a PFI is necessary. As far as I am aware, only Visa and MasterCard have such a requirement.

  2. April 18, 2019 at 5:47 PM

    The Asia Pacific Visa link is broken unfortunately. Visa seem to jiggle their pages all the time! But a great resource nonetheless.

  3. 5 Mary
    January 26, 2012 at 1:35 PM

    Great resources…thank you!






Announcements

If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.
