PCI Forensic Investigator (PFI) Program
The PCI Forensic Investigator (PFI) program establishes and maintains rules and requirements regarding eligibility, selection and performance of companies that provide forensic investigation services to ensure they meet PCI Security Standards. The PFI program aims to help simplify and expedite procedures for approving and engaging forensic investigators by:
- Providing a single set of requirements for forensic investigators upon which market participants may align
- Maintaining a list of Council-approved forensic investigators for compromised entities to choose from
- Providing guidance on how investigations are to be conducted and reported
The PCI PFI program officially launches on March 1, 2011, to coincide with the retirement of requirements and lists managed by payment card brands.
Eligible PFI candidates must be recognized as a QSA Company. It is imperative that forensic investigators involved in this program completely understand the PCI DSS and its intended application within the cardholder data environment.
The Supplemental Requirements document provides details on criteria that each PFI candidate company is required to meet including:
- The existence of a dedicated forensic investigation practice within your company
- Staff with the necessary backgrounds and skills
- Experience performing investigations within the financial industry using proven investigative methodologies & tools; and
- Relationships with law enforcement to ensure you can support any resulting criminal investigations
PCI PFI List
The Council will maintain a list of approved PCI Forensic Investigators to replace the individual payment card brand lists as of March 1, 2011. View the list of approved PCI Forensic Investigators.
Initial processing fee and approval fee apply. Please see Supplemental Requirements for more information.
How to Apply
For more information, please contact firstname.lastname@example.orgPCI Forensic Investigator FAQs