Kroll’s Cyber Security experts understand your challenges as an organization processing payment card transactions. First and foremost, you need to protect your customers’ payment data as prescribed by the Payment Card Industry Security Standards Council (SSC), in particular its Data Security Standard (DSS). At the same time, you must protect the integrity of your own data networks and cardholder data while delivering a positive customer experience that combines strict security protocols with payment convenience.
Kroll has the proven strategies to help. We offer a wide range of services for both merchants and payment processors, from audits to incident management services, to pragmatic approaches for strengthening your cyber defenses:
Kroll has significant experience conducting privileged, independent PCI investigations on behalf of clients who are undergoing a PCI investigation in their environment by a different PFI or who have not yet received a PFI request letter. Our concurrent investigations provide clients with a measure of independent scrutiny around the methodologies and findings being developed in the PFI’s investigation and provide a wider breadth of visibility into a breach that may not be limited in scope to a Cardholder Data Environment.
As a QSA and PFI, Kroll is authorized to conduct your annual PCI Assessment to validate your company’s adherence to the PCI Data Security Standard. Our assessment will also include deliverables, such as a Report on Compliance (ROC) or an Attestation of Compliance (AOC), for submission to the PCI SSC.
Additionally, Kroll offers a suite of services that facilitate the process of complying with PCI DSS requirements:
Kroll is first and foremost an investigations firm. As such, we are one of the only QSA/PFIs that approach these engagements with a global investigative cyber security background. Our PCI services go beyond facilitating your organization’s compliance with the PCI DSS—we have the experience and knowledge to help you fortify your defenses to reduce the likelihood of a data breach across your data network.
Many of our professionals have previously served with law enforcement agencies, including the FBI and U.S. Secret Service, as well as with leading payment card organizations. We have assisted numerous companies that have been the target of data breaches and helped them to understand the nature, scope, and ramifications of how their information systems were compromised. Additionally, we follow established law enforcement methodologies—such as chain of custody protocols for evidence handling—to potentially aid law enforcement and prosecutors in the event of criminal prosecutions.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Proactively identify vulnerable systems and devices that may be exploited by an attacker or malicious software, often resulting in data loss or breach.
Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.
Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivalled incident expertise.
Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.
Experienced investigators deliver case-changing insights to support the entire litigation lifecycle.
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll’s data breach notification, call centers and monitoring team brings global breach response expertise to efficiently manage regulatory and reputational needs.