Wed, Jan 4, 2017

Kroll Certified as PCI Forensic Investigator by Payment Card Industry Security Standards Council

Certification makes Kroll only PFI-certified organization that is also a full-service investigative firm.

Kroll, a global leader in risk mitigation, compliance, security, and incident response solutions, today announced it has been certified as a PCI Forensic Investigator (“PFI”) by the Payment Card Industry Security Standards Council (“PCI SSC” or “Council”).  The certification, held by only 22 firms worldwide, makes Kroll the only PFI that is also a full-service investigative firm.

The PCI SSC, founded in 2006 by American Express, Discover Financial Services, Japan Credit Bureau International, MasterCard, and Visa Inc., requires organizations experiencing data breaches or theft of cardholder data to engage a PFI to determine the nature and scope of the incident.

“One of Kroll’s core principles is to serve clients with excellence, and this exclusive certification not only underscores our commitment to outstanding service, but also reaffirms the trust and confidence that our clients place in our cyber security team,” said David Fontaine, Chief Executive Officer of Kroll and its parent, Corporate Risk Holdings. “Kroll’s practitioners and the resources we dedicate to cyber security are among the best in the world, as evidenced by earning the PFI designation.  As a full-service investigations firm, we are further able to offer unique perspectives and integrated services that will help clients remediate their data breach in the most efficient and effective manner possible.”

During the certification process, PCI SSC scrutinized Kroll’s investigators and processes, as well as the labs in which investigations are conducted.  Other criteria included the ability to conduct the investigation in the region where a breach occurs and the capacity to expand an investigation beyond the payment card environment.  PFIs must also maintain strict independence requirements.  This PFI designation follows Kroll’s certification in July 2016 as a Qualified Security Assessor by the PCI SSC.  Kroll’s PCI services and experience augment a robust practice that aims to provide best in class cyber security consulting across multiple disciplines.

Cyber Risk and Business Intelligence and Investigations Practice Leader Erik Rasmussen, QSA, CISSP, will lead Kroll’s PCI Forensic Investigators service offering.  Rasmussen, who heads Kroll’s Los Angeles, California office, is a former Washington State prosecutor and U.S. Secret Service Special Agent.  Prior to joining Kroll, Rasmussen served as Director, North America Cyber Security Intelligence, Payment System Risk, for Visa Inc., and as IT Security Manager, Security and Investigations for Fidelity National Information Services.

About Kroll:
Kroll is the leading global provider of risk solutions. For more than 40 years, Kroll has helped clients make confident risk management decisions about people, assets, operations and security through a wide range of investigations, cyber security, due diligence and compliance, physical and operational security and data and information management services. Headquartered in New York with more than 35 offices in 20 countries, Kroll has a multidisciplinary team of nearly 1,000 employees and serves a global clientele of law firms, financial institutions, corporations, non-profit institutions, government agencies and individuals. For more information visit

Media Contact:
Joele Frank, Wilkinson Brimmer Katcher
Meaghan Repko/Dan Moore | 212-355-4449