Welcome to 3B Data Security
URGENT INCIDENT RESPONSE

ALI Plus

If your organisation suffers a payment card breach, you may be required to have an Acquirer Led Investigation (ALI) carried out by a qualified PCI SSC Forensic Investigator (PFI). This investigation will look to identify how the breach occurred, what data was affected, work to remove any malicious activity and remediate the exploited vulnerability. Although this remedies the cause of the initial compromise, it does not offer any safeguard from a future incident, or offer any assistance complying with the PCI DSS. Failure to comply with the PCI DSS can result in “Non-Compliance fee”, which can have a financial impact on each affected business.

Recover From a Breach and Prevent Further Incidents

Specifically designed for smaller merchants with one payment channel, our ALI Plus Service works to identify and resolve the initial compromise, detect any other vulnerabilities, and provide you with detailed feedback and consultancy support to check you are secure and PCI DSS compliant.
This service will typically consist of the following steps:
  • Review the scope to ensure that you qualify for the service.
  • Investigate and identify the cause of the breach.
  • Contain the breach and remove any malicious activity.
  • Notify your acquiring bank of any payment card data at risk.
  • Deploy a vulnerability scan (ASV Scan).
  • Analyse the results of the scan and offer advice on the relevant actions to patch the vulnerabilities.
  • Identify any areas of non-compliance with the PCI DSS.
  • Provide a forensic investigation report of the incident and any issues that need resolving to ensure compliance.
  • Provide a PCI DSS policy pack that can be used to obtain PCI DSS compliance.
  • Help you complete the SAQ A submission so you can report compliance to your acquiring bank.

PCI DSS compliance should be reviewed annually. Our team will follow up with you on an annual basis to check all the correct measures are still in place and you remain compliant. Consultancy support will be available should you need any further assistance.

Who Qualifies for This Service?
This service is suitable for Level 3 - 4 merchants that:

  • Have less than 30,000 accounts at risk.
  • Ecommerce merchants only.
  • Do not process other payment channel transactions via the ecommerce channel.

ALI Plus Benefits

  • Merchants will have peace of mind, knowing that they have industry experts taking care of them following a breach.
  • Offers a quick and cost-effective route towards PCI DSS compliance.
  • Will help protect the business from a recurring compromise and maintain PCI DSS compliance for 12 months.
  • Helps protect a merchant’s reputation and build trust with their customers.
  • This service not only helps with the immediate aftermath of a compromise but also provides the tools and insights needed to prepare for future PCI DSS compliance.
  • Achieving PCI DSS compliance provides a baseline for other regulations such as the GDPR.

Why Choose 3B Data Security

3B Data Security are one of only a handful of globally approved ALI and PFI companies certified by the PCI SSC and payment card brands to help merchants forensically investigate and recover from a compromise of cardholder data.  

Our expert team have been Qualified Security Assessors (QSA) since 2008 and have been investigating cardholder data compromises for Visa and MasterCard since 2007. They have experience investigating hundreds of cardholder data breach investigations for all types of organisations. 

The knowledge, experience and relationships gained from being a part of the payment card industry for this length of time helps to distinguish 3B Data Security as a trusted, credible and reliable partner for all aspects related to PCI DSS.



-- Contact Us --