Tuesday, November 25, 2008

Card Processing Security Breach Responses

Merchants have a responsibility and an obligation to protect the credit card information that customers provide during transactions. They must comply with the payment card information protection standards that the Credit Card Associations have enacted (the PCI Data Security Standard). Still, security breaches do occur and, when that happens, merchants must have policies in place to guide their responses. If merchants or merchant services providers experience a suspected or confirmed security breach, they should:
  • Immediately contain and limit the exposure. To prevent any further loss of data, merchants should begin a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of discovering the compromise. Implement the following measures:
    • Do not access or alter compromised computer systems. Do not log on to the computer or change passwords; doing so overwrites timestamps and volatile evidence that investigators need.
    • Do not turn off the compromised computer, since powering it down destroys what is in memory (running processes, open network connections, any malware loaded there). Instead, isolate compromised systems from the network by unplugging their network cables.
    • Preserve logs and electronic evidence.
    • Log all actions taken.
    • If using a wireless network, change the wireless network key (passphrase) on the access point and on the computers that may be using this connection (with the exception of any systems believed to be compromised, which must be left untouched).
    • Be on high alert and monitor all data security and fraud prevention systems.
  • Alert all necessary parties. You should immediately contact:
    • Your internal information security group, if applicable.
    • Your legal department.
    • Your merchant services provider.
    • The local FBI office.
In the event of a security breach, the Credit Card Associations or your merchant processing bank will contact the merchant or merchant services provider to discuss the compromise and review the actions required to prevent future loss or theft of transaction information.
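Two of the containment steps above, preserving logs and electronic evidence and logging every action taken, are far easier to defend months later if the preserved copies are sealed with cryptographic hashes at the moment of collection. The Python script below is an added example and is not part of the original post or of any card brand's guidance: it builds a SHA-256 manifest of an evidence directory, verifies the copies against it, and appends a timestamped, attributable entry to an action log for every step taken. The directory name, file names, log lines and actor name are constructed for the demonstration; in practice the files would be copies taken from the isolated system to separate media.

```python
# Added example (not part of the original post): preserve evidence with a
# tamper-evident SHA-256 manifest and keep a timestamped log of every action.
# File names, log content and the actor name below are constructed for the demo.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir):
    """Record relative path, size and SHA-256 of every file under evidence_dir.

    The manifest is what lets you prove later that the copies handed to the
    acquirer, the card brands or law enforcement are the ones you collected."""
    manifest = {}
    for root, _dirs, files in os.walk(evidence_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            rel = os.path.relpath(path, evidence_dir)
            manifest[rel] = {"size": os.path.getsize(path), "sha256": sha256_file(path)}
    return manifest


def verify_manifest(evidence_dir, manifest):
    """Return the relative paths whose current hash no longer matches the manifest."""
    mismatched = []
    for rel, expected in manifest.items():
        path = os.path.join(evidence_dir, rel)
        if not os.path.exists(path) or sha256_file(path) != expected["sha256"]:
            mismatched.append(rel)
    return mismatched


def record_action(action_log, actor, action, detail=""):
    """Append one UTC-timestamped entry to the action log and return it."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "actor": actor,
        "action": action,
        "detail": detail,
    }
    with open(action_log, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


def demo():
    """Seal constructed sample logs, then show a later edit to one of them being caught."""
    workdir = tempfile.mkdtemp()
    evidence_dir = os.path.join(workdir, "pos-terminal-03")  # constructed name
    os.makedirs(evidence_dir)
    # Constructed sample evidence; real files would be copies of the POS logs.
    samples = {
        "access.log": "2008-11-24 23:41:07 GET /admin/export.php 200\n",
        "auth.log": "2008-11-24 23:40:59 Accepted password for admin from 10.0.0.55\n",
    }
    for name, body in samples.items():
        with open(os.path.join(evidence_dir, name), "w", encoding="utf-8") as fh:
            fh.write(body)

    action_log = os.path.join(workdir, "actions.jsonl")
    manifest = build_manifest(evidence_dir)
    with open(os.path.join(workdir, "manifest.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    record_action(action_log, "jdoe", "collected", "copied logs from pos-terminal-03")
    record_action(action_log, "jdoe", "sealed", "wrote manifest.json")

    clean = verify_manifest(evidence_dir, manifest)  # expected: nothing mismatched

    # Simulate the mistake the post warns against: someone alters a preserved log.
    with open(os.path.join(evidence_dir, "access.log"), "a", encoding="utf-8") as fh:
        fh.write("2008-11-25 09:00:00 GET /index.html 200\n")
    tampered = verify_manifest(evidence_dir, manifest)  # expected: ["access.log"]
    record_action(action_log, "jdoe", "verify", "mismatched: %s" % tampered)

    with open(action_log, encoding="utf-8") as fh:
        entries = [json.loads(line) for line in fh]
    return {"clean": clean, "tampered": tampered, "actions": len(entries), "files": len(manifest)}


if __name__ == "__main__":
    print(demo())
```

Keep the manifest and the action log on media separate from the evidence itself, and hand a copy of the manifest to your merchant services provider or the investigators at the time of collection, so the hashes cannot be regenerated after the fact to match an altered file.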
