Merchant Bank Account Requirements for Compromised Entities
Here is a list of concrete actions you should take if a breach is confirmed or suspected:
- Immediately contain and minimize the exposure. Limit data loss. Prevent the additional loss of information by conducting a complete investigation of the compromise of information. Compromised organizations need to consult with their own incident response team. To save evidence and facilitate the investigation:
- Never access or change a compromised payment processing system (that is, don't log in at all to the compromised system and change passwords; don't log in as ROOT).
- Do not shut the compromised system off. Instead you should isolate all compromised systems from the rest of the network (that is, unplug the network cable).
- Store evidence and logs (that is, evidence, security events, internet, database, firewall, etc.)
- Note all actions you take.
- If yours is a wireless network, replace the Service Set Identifier (SSID) on the access point (WAP) and all other systems that may be on this connection (excluding any systems that are believed to be compromised).
- Remain on alert and keep an eye on the traffic on all systems storing customer data.
- Inform all involved parties immediately, including:
- Your internal incident response and information security teams.
- Your merchant bank account acquirer.
- The appropriate law enforcement agency.
- Your legal department to establish whether notification laws are applicable.
- Provide all compromised account data to your processor or to the Associations within ten business days. All possibly compromised accounts must be identified and transmitted as instructed by the processing bank. The Association will then distribute the compromised card account numbers to the affected card issuers.
- Within three business days of the confirmed or suspected compromise, send an incident report to the merchant bank account acquirer or to MasterCard and Visa.
Visit our website for more.