Despite all of our best efforts to protect sensitive personal information from falling into the wrong hands, we can never achieve absolute security. There are plenty of hackers out there that are equally hard at work attempting to beat our security measures and steal card account details and unfortunately they are successful at times. Merchants should develop and implement security measures to enable them to proactively detect suspected breaches, respond quickly and minimize the damage in case data is compromised. If you suspect or have confirmed that your information security system has been breached, you should take the following measures:
- Immediately contain and limit the exposure. To protect any further loss of data, you should conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of the compromise. The following concrete actions should be taken:
- Do not access or attempt to access the systems that were compromised. Do not change your log-in details.
- Do not turn off the compromised system. Instead, unplug the cables that connect it to the rest of your network.
- Try and save the logs and all other information that can be used as evidence in your investigation.
- Document all actions that were taken.
- If you are using a wireless network, change the network access code and the network’s name on the access point. Adjust all systems accordingly, save for the compromised one(s).
- Remain on high alert for the duration of the investigation and monitor all components of your system.
- Immediately contact all parties involved. All parties involved in the credit card processing cycle should be immediately alerted of the suspected or confirmed security breach. Be sure to contact:
- Your organization’s security group, if applicable.
- Your organization’s legal department.
- Your payment processor.
- The local FBI office.
The Credit Card Associations of Visa and MasterCard have established procedures for handling suspected and confirmed data breaches and will contact you to assist in the investigation. In the event of a compromise, they may send a team to go on-site and help identify security deficiencies, control exposure and discuss the measures that need to be taken to prevent similar events from occurring in the future. Once you have identified the compromised account numbers, you will have to distribute them to the respective credit card companies and associations and your processing bank will instruct you exactly how to do that. The compromised account numbers will then be distributed to the card issuers who may issue new replacement card account numbers. Your processor will also instruct you on any other actions that may need to be taken, including providing an incident report, undergoing an independent forensic review, etc.
Image credit: Itpro.co.uk.