In addition to complying with any applicable laws and regulations, you and your agents must take immediate action to contain the incident, notify payment system partners and investigate the incident, which may include retaining an independent PCI Forensic Investigator (PFI).
Overview
In the event of a data breach, respond quickly.
Response checklist
Follow these steps if you believe you’ve been compromised
-
- Stay alert and monitor all systems that have cardholder data or may have connections to the cardholder data environment.
- Don’t log in or change passwords on the at-risk systems. Don’t log in as ROOT.
- Detach the at-risk system from the network by unplugging the cable. Do not turn it off.
- Change secure service identification on the access point and all systems using a wireless connection, except the at-risk systems.
- Save all logs and electronic evidence.
- Keep a record of all actions taken.
-
- This should be done within 3 business days of the incident. See Appendix A of the What to Do If Compromised guidelines for the report template.
-
Deliver all potentially compromised Visa, Interlink, and Plus account numbers within 10 business days. Visa will distribute the numbers to issuers and safeguard confidentiality.
Note: Visa and your acquirer will determine whether to conduct an independent forensic investigation.
Visa response team
Visa has two support groups to help you respond to a payment card breach.
Visa Fraud Investigations
- Works to obtain all potentially compromised account numbers
- Shares at risk account information with issuers
- Works with the appropriate law enforcement on your behalf
- Facilitates a timely forensic investigation
Data Security Team
- Provides guidelines to assist your response to the incident
- Makes sure you take action to minimize future risk to account information
More resources
Find more information on protecting your business
Minimizing Payment Risks for Merchants Using Integrators/Resellers
Cybercriminals Targeting Point of Sale Integrators
Effectively Managing Data Breaches
5 Important Visa Rules That Every Merchant Should Know
Identifying and Mitigating Threats to E-commerce Payment Processing
You may also be interested in
Merchants + small business
Learn more about how accepting Visa cards can help you grow your business.
Visa Ready
Tap into a new breed of merchants who represent a rapidly growing opportunity in mPOS.