PCI Forensic Investigators

PCI Forensic Investigators (PFIs) help determine the occurrence of a cardholder data compromise and when and how it may have occurred. These PCI Forensic Investigators are qualified by the Council’s program and must work for a Qualified Security Assessor company that provides a dedicated forensic investigation practice. They perform investigations within the financial industry using proven investigative methodologies and tools. They also provide relationships with law enforcement to support stakeholders with any resulting criminal investigations.

Please note, the PCI Security Standards Council maintains an in-depth program for forensic companies seeking to be certified as PCI Forensic Investigators, and to be re-certified as PFIs each year.

Certification and re-certification indicate only that the applicable PFI has successfully met all PCI Security Standards Council requirements to perform forensic investigations, and the PCI Security Standards Council does not endorse these providers or their business processes or practices.

Although the PCI Security Standards Council strives to ensure that the list of PCI Forensic Investigators linked to on this page is current, it is updated frequently and the Council cannot guarantee that the list is up-to-date at all times. Accordingly, each time a client engages a PFI, they are advised to check this list to ensure that its advisor has successfully maintained its status as a PCI Forensic Investigator.

Read more

Let us know what you think

Your experiences with their service will help make the global team better!
Give Feedback

Find a PCI Forensic Investigator Company

Filter by
Export List 
Place of Business
Primary Contact
* 'In Remediation' status indicates that a PFI organization has elected to participate in the PFI Remediation Program, after determination by the PCI SSC Quality Assurance review team that the organization did not meet all applicable program requirements. PFIs "In Remediation" are permitted to perform PFI Investigations in accordance with the PFI Program Guide and may be actively seeking to do so with the objective of successfully completing remediation.

For additional information regarding the status of a specific PFI organization, please contact that organization's Primary Contact as listed on the PCI SSC website. For general information about remediation, please contact the PCI SSC Program Manager at pfi@pcisecuritystandards.org.

*Servicing Markets Abbreviations
AP - Asia Pacific, CEMEA - Central Europe, Middle East, and Africa, LAC - Latin America and the Caribbean