Tamaño del texto Aumentar el tamaño de la letraDisminuir el tamaño de la letraRestablecer el tamaño de la letra

PCI Forensic Investigator (PFI) Program

How to Apply

The PCI Forensic Investigator (PFI) program establishes and maintains rules and requirements regarding eligibility, selection and performance of companies that provide forensic investigation services to ensure they meet PCI Security Standards. The PFI program aims to help simplify and expedite procedures for approving and engaging forensic investigators by:

  • Providing a single set of requirements for forensic investigators upon which market participants may align
  • Maintaining a list of Council-approved forensic investigators for compromised entities to choose from
  • Providing guidance on how investigations are to be conducted and reported


Eligible PFI candidates must be recognized as a QSA Company. It is imperative that forensic investigators involved in this program completely understand the PCI DSS and its intended application within the cardholder data environment.

The Supplemental Requirements document provides details on criteria that each PFI candidate company is required to meet including:

  • The existence of a dedicated forensic investigation practice within your company
  • Staff with the necessary backgrounds and skills
  • Experience performing investigations within the financial industry using proven investigative methodologies & tools; and
  • Relationships with law enforcement to ensure you can support any resulting criminal investigations


View the list of approved PCI Forensic Investigators.


Initial processing fee and approval fee apply. Please see Supplemental Requirements for more information.

How to Apply

For more information, please contact pfi@pcisecuritystandards.org

PCI Forensic Investigator FAQs


Volver al principio

El PCI Security Standards Council (el "Concejo") proporciona una serie de herramientas, cuestionarios, orientación, preguntas frecuentes, recursos de capacitación y otros materiales e información para prestar asistencia a organizaciones que buscan el cumplimiento de sus normas (las "Normas"). También hay productos y servicios de terceros disponibles, pero el Concejo no respalda ni recomienda tales productos o servicios de terceros, y recomienda a todas las organizaciones que buscan el cumplimiento de las Normas familiarizarse con las mismas y sus requisitos relacionados antes de adquirir productos o servicios de terceros. En última instancia, se deben cumplir todos los requisitos aplicables a fin de lograr el cumplimiento, independientemente de si se utilizan productos o servicios de terceros o de cuáles sean.
Powered By OneLink