If your organisation suffers a payment card breach, you may be required to have an Acquirer Led Investigation (ALI) carried out by a qualified PCI SSC Forensic Investigator (PFI). This investigation will look to identify how the breach occurred, what data was affected, work to remove any malicious activity and remediate the exploited vulnerability.
Although this remedies the cause of the initial compromise, it does not offer any safeguard from a future incident, or offer any assistance complying with the PCI DSS. Failure to comply with the PCI DSS can result in “Non-Compliance fee”, which can have a financial impact on each affected business.
Specifically designed for smaller merchants with one payment channel, our ALI Plus Service works to identify and resolve the initial compromise, detect any other vulnerabilities, and provide you with detailed feedback and consultancy support to check you are secure and PCI DSS compliant.
This service is suitable for Level 3 - 4 merchants that:
- Have less than 30,000 accounts at risk.
- Ecommerce merchants only.
- Do not process other payment channel transactions via the ecommerce channel.
This service will typically consist of the following steps:
- Review the scope to ensure that you qualify for the service.
- Investigate and identify the cause of the breach.
- Contain the breach and remove any malicious activity.
- Notify your acquiring bank of any payment card data at risk.
- Deploy a vulnerability scan (ASV Scan).
- Analyse the results of the scan and offer advice on the relevant actions to patch the vulnerabilities.
- Identify any areas of non-compliance with the PCI DSS.
- Provide a forensic investigation report of the incident and any issues that need resolving to ensure compliance.
- Provide a PCI DSS policy pack that can be used to obtain PCI DSS compliance.
- Help you complete the SAQ A submission so you can report compliance to your acquiring bank.
PCI DSS compliance should be reviewed annually. Our team will follow up with you on an annual basis to check all the correct measures are still in place and you remain compliant. Consultancy support will be available should you need any further assistance.
Get in touch today to find out more about our ALI Plus Service, and how the team at 3B Data Security can help your organisation recover and respond to a breach, and achieve PCI DSS compliance.
3B Data Security are one of only a handful of globally approved ALI and PFI companies certified by the PCI SSC and payment card brands to help merchants forensically investigate and recover from a compromise of cardholder data.
Our expert team have been Qualified Security Assessors (QSA) since 2008 and have been investigating cardholder data compromises for Visa and MasterCard since 2007. They have experience investigating hundreds of cardholder data breach investigations for all types of organisations.
The knowledge, experience and relationships gained from being a part of the payment card industry for this length of time helps to distinguish 3B Data Security as a trusted, credible and reliable partner for all aspects related to PCI DSS.