PCI Security Standards Council®

PCI Forensic Investigators

PCI Forensic Investigators (PFIs) help determine the occurrence of a cardholder data compromise and when and how it may have occurred. These PCI Forensic Investigators are qualified by the Council’s program and must work for a Qualified Security Assessor company that provides a dedicated forensic investigation practice. They perform investigations within the financial industry using proven investigative methodologies and tools. They also provide relationships with law enforcement to support stakeholders with any resulting criminal investigations.

Please note, the PCI Security Standards Council maintains an in-depth program for forensic companies seeking to be certified as PCI Forensic Investigators, and to be re-certified as PFIs each year.

Certification and re-certification indicate only that the applicable PFI has successfully met all PCI Security Standards Council requirements to perform forensic investigations, and the PCI Security Standards Council does not endorse these providers or their business processes or practices.

Although the PCI Security Standards Council strives to ensure that the list of PCI Forensic Investigators linked to on this page is current, it is updated frequently and the Council cannot guarantee that the list is up-to-date at all times. Accordingly, each time a client engages a PFI, they are advised to check this list to ensure that its advisor has successfully maintained its status as a PCI Forensic Investigator.

Search by Last Name, First Initial to quickly verify the certification status of a PCI Forensic Investigator.


Find a PCI Forensic Investigator Company

Filter Results

Filter by:
Place of Business
Languages Supported
Export List 

Or search by Servicing Region

or Search by Servicing Country

PFI Companies:

Place of Business
Primary Contact
Servicing Markets
Supported Languages
* 'In Remediation' status indicates that a PFI organization has elected to participate in the PFI Remediation Program, after determination by the PCI SSC Quality Assurance review team that the organization did not meet all applicable program requirements. PFIs "In Remediation" are permitted to perform PFI Investigations in accordance with the PFI Program Guide and may be actively seeking to do so with the objective of successfully completing remediation.

For additional information regarding the status of a specific PFI organization, please contact that organization's Primary Contact as listed on the PCI SSC website. For general information about remediation, please contact the PCI SSC Program Manager at pfi@pcisecuritystandards.org.

*Servicing Markets Abbreviations
AP - Asia Pacific, CEMEA - Central Europe, Middle East, and Africa, LAC - Latin America and the Caribbean

Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.

Powered by Translations.com GlobalLink OneLink SoftwarePowered By OneLink