Frequently Asked Questions

Are PCI Forensic Investigators (PFIs) permitted to enter into retainer-type agreements with merchants and service providers?

FAQ Response

PCI Forensic Investigators (PFIs) are required to use independent judgment in performing PFI investigations for entities which have been subject to compromise or where a compromise is suspected. It is of paramount importance that PFIs are not subject to any influences that may affect their independent judgment.

It is permissible for an entity to have a PFI on a retainer-type contract, in readiness to provide a rapid incident response, provided that all of the PFI Program independence requirements continue to be met.

PFIs must adhere to the independence requirements documented in Section 2.3 of the PFI Qualification Requirements.

April 2017
Article Number 1306