Payment Card Industry Services

Kroll offers a wide range of services for both merchants and payment processors, from audits to incident management services, to pragmatic approaches for strengthening your cyber defenses.

Contact us
/en/services/cyber-risk/incident-response-litigation-support/payment-card-industry-services service

Kroll’s Cyber Security experts understand your challenges as an organization processing payment card transactions. First and foremost, you need to protect your customers’ payment data as prescribed by the Payment Card Industry Security Standards Council (SSC), in particular its Data Security Standard (DSS). At the same time, you must protect the integrity of your own data networks and cardholder data while delivering a positive customer experience that combines strict security protocols with payment convenience.

Kroll has the proven strategies to help. We offer a wide range of services for both merchants and payment processors, from audits to incident management services, to pragmatic approaches for strengthening your cyber defenses:

PCI Standard Services
  • PCI Forensic Investigations
    Our PCI Forensic Investigators (PFIs) will help determine the occurrence of a cardholder data compromise, and when and how it may have occurred using proven investigative methodologies and tools. Kroll is currently one of only three firms certified to conduct PCI Forensic Investigations globally.
  • Training and Advisory Services
    Our top cyber security professionals, many with law enforcement and payment industry backgrounds, share how you can strengthen the security of your payment processing technology, systems, and practices.

Privileged PCI Investigation 

Kroll has significant experience conducting privileged, independent PCI investigations on behalf of clients who are undergoing a PCI investigation in their environment by a different PFI or who have not yet received a PFI request letter. Our concurrent investigations provide clients with a measure of independent scrutiny around the methodologies and findings being developed in the PFI’s investigation and provide a wider breadth of visibility into a breach that may not be limited in scope to a Cardholder Data Environment.

PCI DSS Compliance Suite of Services

As a QSA and PFI, Kroll is authorized to conduct your annual PCI Assessment to validate your company’s adherence to the PCI Data Security Standard. Our assessment will also include deliverables, such as Report of Compliance (ROC) or Attestation of Compliance (AOC) for submission to the PCI SSC.

Additionally, Kroll offers a suite of services that facilitate the process of complying with PCI DSS requirements:

  • PCI Scope Discovery and Reduction Services. The scope discovery phase entails identifying all of your company’s technology assets that process, store, and transmit card data, as well as any systems which interact with that technology. During the reduction phase, we will identify improvements to your network architecture that would reduce the number of systems in scope for PCI DSS compliance.
  • PCI Gap Analysis. This mock audit helps to determine where your company’s systems meet or exceed data security standards, and where they fall short. A gap analysis enables your company to identify and resolve issues before an official PCI DSS compliance assessment.
  • PCI Remediation Consulting. Our experts will provide pragmatic strategies to resolve issues identified during a gap analysis, whether it was performed internally, by Kroll, or by another provider.
  • Penetration Testing. As an annual PCI DSS requirement, this exercise tests the security of your company’s systems and identifies vulnerable areas that might enable a bad actor to gain access to your network.
  • Kroll Responder Services. Kroll’s next-generation security solution integrates Kroll’s industry-leading cyber security expertise with powerful, 24/7 monitoring technology that is continuously on the hunt for network intrusions. Kroll’s Responder solution addresses another PCI DSS requirement.
  • Full Lifecycle PCI DSS Gap Analysis, Readiness, and Audit Services. Encompassing all phases of PCI DSS preparedness, these services help your company achieve and maintain PCI DSS compliance.
  • Data Breach Investigations. Our PFI Investigators can conduct PCI Security Standard Council-mandated investigations in the event of a data breach or in anticipation of litigation.

    Why Kroll

    Kroll is first and foremost an investigations firm. As such, we are one of the only QSA/PFIs that approach these engagements with a global investigative cyber security background. Our PCI services go beyond facilitating your organization’s compliance with the PCI DSS—we have the experience and knowledge to help you fortify your defenses to reduce the likelihood of a data breach across your data network.

    Many of our professionals have previously served with law enforcement agencies, including the FBI and U.S. Secret Service, as well as with leading payment card organizations. We have assisted numerous companies that have been the target of data breaches and helped them to understand the nature, scope, and ramifications of how their information systems were compromised. Additionally, we follow established law enforcement methodologies—such as chain of custody protocols for evidence handling—to potential aid law enforcement and prosecutors in the event of criminal prosecutions.

Connect with us

Jason N Smolanoff
Jason N. Smolanoff
President, Cyber Risk
Cyber Risk
Los Angeles
Marc Brawner
Marc Brawner
Managing Director and Global Head of Managed Services
Cyber Risk
Stephen Kopeck
Stephen Kopeck
Managing Director
Cyber Risk

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Comprehensive investment banking, corporate finance, restructuring and insolvency services to investors, asset managers, companies and lenders.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.


ModPipe POS Malware: New Hooking Targets Extract Card Data

Jun 02, 2022

by Sean Straw


Q4 2021 Threat Landscape: Software Exploits Abound

Feb 16, 2022

by Keith WojcieszekLaurie Iacono George Glass


ALM Intelligence Pacesetter Research – Cybersecurity Services 2020

Oct 28, 2020

by Jason N. SmolanoffAndrew BeckettMarc Brawner


Kroll Ransomware Attack Trends – 2020 YTD

Oct 06, 2020

by Devon AckermanKeith Wojcieszek Laurie Iacono


Kroll Partners with Armis to Extend Preparedness and Response for OT and ICS Environments

May 09, 2022


Kroll Named in the GIR 100

Oct 23, 2020


Kroll Named a Cyber Security Services Pacesetter by ALM Intelligence

Oct 28, 2020


Kroll Enhances Managed Detection and Response Solutions with Kroll Responder

Sep 17, 2020