Kroll Certified as PCI Forensic Investigator by Payment Card Industry Security Standards Council

Certification makes Kroll only PFI-certified organization that is also a full-service investigative firm

NEW YORK--()--Kroll, a global leader in risk mitigation, compliance, security, and incident response solutions, today announced it has been certified as a PCI Forensic Investigator (“PFI”) by the Payment Card Industry Security Standards Council (“PCI SSC” or “Council”). The certification, held by only 22 firms worldwide, makes Kroll the only PFI that is also a full-service investigative firm.

“One of Kroll’s core principles is to serve clients with excellence, and this exclusive certification not only underscores our commitment to outstanding service, but also reaffirms the trust and confidence that our clients place in our cyber security team”

The PCI SSC, founded in 2006 by American Express, Discover Financial Services, Japan Credit Bureau International, MasterCard, and Visa Inc., requires organizations experiencing data breaches or theft of cardholder data to engage a PFI to determine the nature and scope of the incident.

“One of Kroll’s core principles is to serve clients with excellence, and this exclusive certification not only underscores our commitment to outstanding service, but also reaffirms the trust and confidence that our clients place in our cyber security team,” said David Fontaine, Chief Executive Officer of Kroll and its parent, Corporate Risk Holdings. “Kroll’s practitioners and the resources we dedicate to cyber security are among the best in the world, as evidenced by earning the PFI designation. As a full-service investigations firm, we are further able to offer unique perspectives and integrated services that will help clients remediate their data breach in the most efficient and effective manner possible.”

During the certification process, PCI SSC scrutinized Kroll’s investigators and processes, as well as the labs in which investigations are conducted. Other criteria included the ability to conduct the investigation in the region where a breach occurs and the capacity to expand an investigation beyond the payment card environment. PFIs must also maintain strict independence requirements. This PFI designation follows Kroll’s certification in July 2016 as a Qualified Security Assessor by the PCI SSC. Kroll’s PCI services and experience augment a robust practice that aims to provide best in class cyber security consulting across multiple disciplines.

Cyber Security and Investigations Practice Leader Erik Rasmussen, QSA, CISSP, will lead Kroll’s PCI Forensic Investigators service offering. Rasmussen, who heads Kroll’s Los Angeles, California office, is a former Washington State prosecutor and U.S. Secret Service Special Agent. Prior to joining Kroll, Rasmussen served as Director, North America Cyber Security Intelligence, Payment System Risk, for Visa Inc., and as IT Security Manager, Security and Investigations for Fidelity National Information Services.

About Kroll:

Kroll is the leading global provider of risk solutions. For more than 40 years, Kroll has helped clients make confident risk management decisions about people, assets, operations and security through a wide range of investigations, cyber security, due diligence and compliance, physical and operational security and data and information management services. Headquartered in New York with more than 35 offices in 20 countries, Kroll has a multidisciplinary team of nearly 1,000 employees and serves a global clientele of law firms, financial institutions, corporations, non-profit institutions, government agencies and individuals. For more information visit

Forward-Looking Statements

This press release may contain “forward-looking statements.” These forward-looking statements include, but are not limited to, statements regarding the Company’s performance and growth, and other non-historical statements. Forward-looking statements identify prospective information. Important factors could cause actual results to differ, possibly materially, from those stated in the forward-looking statements. In some cases you can identify forward-looking statements by words such as “anticipate,” “believe,” “could,” “estimate,” “expect,” “intend,” “may,” “plan,” “predict,” “potential,” “should,” “will” and “would” or the negatives thereof, variations thereof or other similar words. You should read statements that contain these words carefully because they discuss the Company’s future priorities, goals, strategies, actions to improve business performance, market growth assumptions and expectations, future business opportunities, capital expenditures, financing needs, financial position and other information that is not historical information or state other “forward-looking” information. Forward-looking statements should not be read as a guarantee of future performance or results, and will not necessarily be accurate indications of the times at, or by which, such performance or results will be achieved. Forward-looking information is based on information available at the time and/or management's good faith belief with respect to future events, and is subject to risks and uncertainties that could cause actual performance or results to differ materially from those expressed in the statements. Forward-looking statements speak only as of the date the statements are made. The Company assumes no obligation to update forward-looking statements to reflect actual results, changes in assumptions or changes in other factors affecting forward-looking information except to the extent required by applicable securities laws. If the Company does update one or more forward-looking statements, no inference should be drawn that the Company will make additional updates with respect thereto or with respect to other forward-looking statements.


Nicole Cueto, 917-697-4180
Joele Frank, Wilkinson Brimmer Katcher
Meaghan Repko/Dan Moore, 212-355-4449

Recent Stories

RSS feed for Kroll