PCI Forensic Investigators
PCI Forensic Investigators (PFIs) help determine the occurrence of a cardholder data compromise and when and how it may have occurred. These PCI Forensic Investigators are qualified by the Council’s program and must work for a Qualified Security Assessor company that provides a dedicated forensic investigation practice. They perform investigations within the financial industry using proven investigative methodologies and tools. They also provide relationships with law enforcement to support stakeholders with any resulting criminal investigations.
Please note, the PCI Security Standards Council maintains an in-depth program for forensic companies seeking to be certified as PCI Forensic Investigators, and to be re-certified as PFIs each year.
Certification and re-certification indicate only that the applicable PFI has successfully met all PCI Security Standards Council requirements to perform forensic investigations, and the PCI Security Standards Council does not endorse these providers or their business processes or practices.
Although the PCI Security Standards Council strives to ensure that the list of PCI Forensic Investigators linked to on this page is current, it is updated frequently and the Council cannot guarantee that the list is up-to-date at all times. Accordingly, each time a client engages a PFI, they are advised to check this list to ensure that its advisor has successfully maintained its status as a PCI Forensic Investigator.
Verify a PFI Employee
Find a PCI Forensic Investigator Company
For additional information regarding the status of a specific PFI organization, please contact that organization's Primary Contact as listed on the PCI SSC website. For general information about remediation, please contact the PCI SSC Program Manager at firstname.lastname@example.org.
*Servicing Markets Abbreviations
AP - Asia Pacific, CEMEA - Central Europe, Middle East, and Africa, LAC - Latin America and the Caribbean