PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
View Original →
FAQ #1460 Published

Where should reports be sent when the PFI investigation has concluded there is no evidence of a breach?

Where the entity under investigation is a merchant, all completed work products (e.g. Preliminary and Final reports) must be distributed to all participating payment brands accepted by the merchant. Where the entity under investigation is a service provider, all completed work products must be distributed to all participating payment brands whose products the service provider handles.Please contact the PFI Program Manager at PFI@pcisecuritystandards.org for further information. 

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.