The importance of the PCI Forensic Investigator Certification

In a recent interview, Kevin Pierce, COO, of VikingCloud discussed the importance of the PCI Forensic Investigator Certification and what it means for the cybersecurity industry.

• Who are VikingCloud?

As one of the largest providers of compliance and security solutions, and with many of the top global acquirers and payment service providers as clients, VikingCloud is transforming the way organisations approach cyber defence.

We are focused on delivering integrated compliance and security solutions and work with many of the world’s leading brands. Our customer-centric SaaS solutions enable cutting-edge ways to secure network infrastructures, maintain compliance, and provide assurance testing and assessments.

Our platforms, currently used by more than five million businesses, provide real-time intelligence access to an organisation’s cyber risk landscape and enables the VikingCloud team to partner with organisations of all sizes to ensure proactive management of ever-changing cyber threats and business risks.

What’s more, we are also the world’s largest Qualified Security Assessor (QSA) company, and we were recently certified as a PCI Forensic Investigator (PFI) Company for North America by the Payment Card Industry Security Standards Council (PCI SSC)

• What is the PCI Forensic Investigator Certification?

The PCI SSC leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible, and effective data security standards and programs that help businesses detect, mitigate, and prevent cyberattacks and breaches.

PCI Forensic Investigators are highly trained independent incident response experts certified by the PCI SSC and approved by the card brands to perform forensics investigations on security incidents that impact Cardholder Data Environments (CDEs).

Certified businesses can perform investigations within the financial industry using proven investigative methodologies and tools.

Thanks to our recent PFI certification, VikingCloud is now certified by the PCI SSC to perform investigations for any breach size, including those larger than 30,000 breached records.

VikingCloud is also authorised to review the outcome of a customer data breach investigation.

Our investigators work to determine the existence of a payment cardholder data breach, the facts and circumstances of when and how it may have occurred and ensure there is no longer an active breach.

• How important is it for businesses to have the PCI Forensic Investigator Certification?

It’s vital any PFI can be trusted to get to the root of a breach, stop it, and provide valuable insights that will prevent it happening again.

As a leading provider of cybersecurity solutions for a broad range of organisations, we want to ensure we offer our customers every possible solution to enhance their cybersecurity protocols, and certification gives our customers peace of mind that our process and methodology around forensic investigations go above and beyond the minimal requirements.

• What does this certification mean for those in the Global Banking and Finance industry?

The PCI DSS (Payment Card Industry – Data Security Standard) Certification is an industry standard for securing credit card use. Therefore, it’s essential for the financial sector because it involves and aligns all those involved in the transit of banking data. In other words, any company that acts as an intermediary between consumers and their purchases.

PFIs help determine the occurrence of a cardholder data compromise, and when and how it may have occurred. Investigators must work for a Qualified Security Assessor company that provides a dedicated forensic investigation practice. They perform investigations within the financial industry using proven investigative methodologies and tools. They also provide relationships with law enforcement to support stakeholders with any resulting criminal investigations.

• And what does it mean for businesses that deal with consumer transactions?

A PCI Forensic Investigation can stop a breach in its tracks to prevent further financial damage while getting the required investigation completed. And the scale of financial damage cannot be underestimated.

Global data breaches and the costs of attacks for companies of all sizes are on the rise.

In 2021, large organizations of 10,000-25,000 employees hit by a data breach paid an average cost of $5.52 million per attack. Smaller businesses with less than 500 employees have also seen an increase from $2.35 million per attack in 2020 to $2.98 million in 2021, a 26.8% increase.

Investigations not only uncover the information required to prevent future breaches, they also demonstrate the transparency essential to maintaining a business’ reputation.

• As businesses become more and more digital, what can we expect in terms of security and payments when it comes to e-tailing and protecting customers?

Between 2020 and 2021, ecommerce fraud rose 18% from $17.5 billion to $20 billion, and fraudsters’ methods will continue to grow in sophistication and diversity in the years ahead.

Tokenization – replacing sensitive data with non-sensitive data with tokens that act as a placeholder for the original data – will become an increasingly invaluable tool for the Payment Card Industry, as it works with all types of data, uses fewer resources, and has a lower chance of failure compared to other encryption methods. Tokenization is also compatible with legacy systems, unlocking new use cases all the time.

Digital identity verification will also become more widespread and trusted. Two Factor-Authentication (2FA) introduces a second level of verification and is one of the most effective ways to protect against password breaches. Although adoption rates are low at the moment, 2FA has already become more accepted over the last two years, with 79% of people having used it in 2021 compared to 53% in 2019.

Furthermore, an increasing number of platforms are switching to 3D Secure 2.0, a new and upgraded version of the protocol that is not just more user-friendly but safer thanks to biometric authentication and a host of other security mechanisms.

• What are the most critical obstacles facing the cybersecurity world at the moment?

The stark truth is that hackers are getting better at what they do, which means e-tailers in particular need an expert partner to stay updated with security issues and provide around-the-clock protection.

Many businesses pivoted during the pandemic, to replacing face-to-face transactions with online trading, a practice that continues post-pandemic and presents a particular security challenge.

Hackers usually target e-commerce store admins, users and employees using a range of malicious techniques, such as phishing, spamming and malware.

• Do you feel cybersecurity regulations need changing/updating to reflect the rise of digital working?

Digital technologies are key to future business prosperity, but we must also make sure they are developed responsibly to protect businesses and their customers.

Smart devices are already under renewed scrutiny. In the UK for example, makers of smart devices such as phones, speaker, and doorbells now need to tell customers upfront how long a product will be guaranteed to receive vital security updates. Such regulation is important as just one vulnerable device can put a user’s network at risk.

More cybersecurity regulations will need to be reviewed or introduced as more businesses and consumers inhabit the metaverse. Consumers are arguably most at risk because, unlike in the real world, which has consumer-empowering data privacy acts, like GDPR and CCPA, there is currently no equivalent in the metaverse.

About Kevin Pierce:

As VikingCloud’s Chief Operating Officer, Kevin leads global product development, service delivery, QSA consulting, and managed security testing. Viking Cloud is a 900+ employee, global cybersecurity organization that is transforming how customers approach cyber-defense through managed security, testing, and assessment services. With almost 30 years in the technology space, Kevin has designed and built highly scalable cloud systems for secure data exchange, supply chain optimization, and cybersecurity in multiple industries. He also co-founded two technology companies that each grew to hundred-million-dollar enterprises prior to his exit. Kevin’s current focus is on leveraging machine learning and artificial intelligence to deliver next-generation cybersecurity solutions across industry verticals. Kevin holds a master’s degree in Business Administration, studied in various Executive Programs at Oxford University and Harvard University, and is a Six Sigma Blackbelt.