Tristan PINCEAUX | Lead CERT

PFI certification allows certified incident response teams to investigate card data compromise and leakage in accordance with the Payment Card Industry Data Security Standard (PCI DSS).
As the first French PFI, CERT CWATCH is committed to assisting you in all the steps to be taken in the event of suspected bank card fraud. Thanks to its “Core Investigators” (experienced analysts or former QSAs), CERT can intervene on your information system in complete security and in compliance with the process imposed by the Acquirer Bank or the Card Brands: Visa, MasterCard, JCB, Discover, UnionPay.

Your bank asks you for a PFI investigation?


+33 (0) 1 83 75 36 94

Our intervention capacity

CERT CWATCH supports you at every stage of the PFI intervention and provides all the answers requested by your partners or by the authorities. In particular:
An initial investigation report within 5 working days (this requested report must contain details of the first findings and the perimeter involved in the investigations)
Thorough forensic investigations (manual and semi-automated) on the affected perimeter
A privileged contact with the card brands affected by the credit card data leak
A final investigation report within 10 days of the completion of the investigation
Contextualized, prioritized recommendations relevant to your environment will be communicated to you to help you remedy the incident. Containment, eradication and hardening actions will be requested and will have to be carried out quickly.

Aspects of a PFI intervention that CERT can help you with

Technical aspects

Confirmation of equipments’ compromise

Confirmation of the exfiltration (theft) of credit card data

Determining the initial point of compromise

Determining the date of compromise

Determination of the impacted perimeter (CDE, peripheral zone, equipment, etc.)

Confirmation of the security of credit card data

  • Audit of measures put in place to address security gaps

Recommendations for hardening your card environment in compliance with PCI DSS requirements.

Legal aspects

Accompaniment in the steps to be taken with the local authorities (declaration to the CNIL, filing a complaint, …)

Determination of the compliance of your credit card environment with the PCI DSS standard. This makes it possible to release your responsibility and/or to engage the responsibility of your partners

Communication aspects

Help in drafting the various communications around the incident (intended for employees, HR, partners, the press and the media, etc.)

Compliance aspects

Preliminary report sent within 5 days after the beginning of the intervention

Final report sent 10 days after completion of investigations

Commercial website? Payment platform? Hosting? Hybrid or on-premise infrastructure?

With its QSA PCI DSS certification for more than 10 years and armed with its qualified, certified and equipped analysts for incident response, CERT CWATCH has the necessary experience to support your organization (whatever its size or sector of activity) in the management of a crisis in your bank card environment.

Why choose us as your PFI?

As the first PFI actor in France, we can accompany you exclusively in French and with a better knowledge of the steps to take towards the French authorities concerning cyber incidents and personal data leaks on French territory

As one of the few PCI QSA qualified players for more than 10 years, we have a solid vision and understanding of card environments and card payment infrastructures.

Our independence from vendors and third parties allows us to establish a list of relevant and contextualized recommendations to secure your environment.

Almond is an authorized user of the CERT ™ mark:
Technological watch, continuous improvement of our methodologies
of incident response and knowledge sharing (IOC) between CERT ™.


Le CERT d’Almond est membre du réseau InterCERT France depuis 2020. InterCERT-FR est une association loi 1901 qui rassemble les équipes de réponse aux incidents (CSIRT) en France.

Our expertise

CWATCH Mail Report

Respond & Recover: security incident response

Phishing campaign

CWATCH on Azure Sentinel: simple, comprehensive and accessible managed cybersecurity services

Slide >> CONTACT US <<