1. Don’t Panic. Immediately isolate the compromised system(s) and preserve evidence.
When a data compromise occurs or is suspected it is imperative that you contain the damage quickly to protect customer data and preserve evidence in case of a forensic investigation. Subsequently, work towards identifying the root cause for the incident. If you are a merchant, produce an accurate record of events for authorities.
Remember to comply with requirements that the payment card brands like American Express, Discover, JCB, MasterCard, Visa, etc. have. These requirements include notification timelines and the use of certified companies specializing in incident response.
2. Notify relevant authorities.
Notify the incident to the relevant authorities and also consider the following audience for notification:
- Customer service
Once the compromise is confirmed, immediately acknowledge responsibility for the compromise and express regret for its impact. Inform customers about the solution/plan for recovery.
The cardholder brand in consultation with your merchant bank, will determine whether or not an independent forensic investigation is required on the compromised entity.
3. If illegal usage of card data is suspected or possible, contact your local law enforcement.
Cardholder data breach may be a result of insider breach. If you are concerned that the cardholder data is compromised by an insider, refer to the Insider Breach section.