Frequently Asked Question

Are PCI Forensic Investigators (PFIs) permitted to enter into retainer-type agreements with merchants and service providers?

PCI Forensic Investigators (PFIs) are required to use independent judgment in performing PFI investigations for entities which have been subject to compromise or where a compromise is suspected. It is of paramount importance that PFIs are not subject to any influences that may affect their independent judgment.

It is permissible for an entity to have a PFI on a retainer-type contract, in readiness to provide a rapid incident response, provided that all of the PFI Program independence requirements continue to be met.

PFIs must adhere to the independence requirements documented in Section 2.3 of the PFI Qualification Requirements.

Last updated: April 2017
Originally published: November 2014
Article Number: 1306
