PCI Forensic Investigator (PFI)

The Payment Card Industry has announced an approved Forensic Investigator provider program.

The card brands will no longer list their own approved Forensic Investigators (FI) after February 2011 and will instead let the PCI site manage a single centralized list.

Here is a brief overview of requirements:

FIs who wish to be considered for the PFI list (pronounced FI, silent P) will need a certification. Unlike the QSA and PA-QSA, none is offered by the Council. SANS certificates are mentioned, but the Council does not say SANS is recommended or required.

Also, two investigations within the financial industry in the past twelve months are required for references, but payment card incidents are not specified.

Finally, only QSAs can be listed as a PFI and they must have law enforcement contacts (the good kind).


“Watson, as I perceive that these logins, although used, are by no means compromised, I can not doubt that you are at present busy enough to justify a token…for databases, the great cesspool into which all the Track Data of the Payment Card Industry are irresistibly drained.”
