
PCI Forensic Investigator (PFI) Program


The PCI Forensic Investigator (PFI) program establishes and maintains rules and requirements regarding eligibility, selection and performance of companies that provide forensic investigation services to ensure they meet PCI Security Standards. The PFI program aims to help simplify and expedite procedures for approving and engaging forensic investigators by:

  • Providing a single set of requirements for forensic investigators upon which market participants may align
  • Maintaining a list of Council-approved forensic investigators for compromised entities to choose from
  • Providing guidance on how investigations are to be conducted and reported

The PCI PFI program officially launches on March 1, 2011, to coincide with the retirement of requirements and lists managed by payment card brands.

Requirements

Eligible PFI candidates must be recognized as a QSA Company. It is imperative that forensic investigators involved in this program completely understand the PCI DSS and its intended application within the cardholder data environment.

The Supplemental Requirements document provides details on criteria that each PFI candidate company is required to meet including:

  • The existence of a dedicated forensic investigation practice within your company
  • Staff with the necessary backgrounds and skills
  • Experience performing investigations within the financial industry using proven investigative methodologies and tools
  • Relationships with law enforcement to ensure you can support any resulting criminal investigations

PCI PFI List

The Council will maintain a list of approved PCI Forensic Investigators to replace the individual payment card brand lists as of March 1, 2011. View the list of approved PCI Forensic Investigators.

Fees

Initial processing fee and approval fee apply. Please see Supplemental Requirements for more information.

How to Apply

For more information, please contact pfi@pcisecuritystandards.org

PCI Forensic Investigator FAQs

 



The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.