Merchants 5 Step Guide
To PCI Compliance
|
ISO / Acquirers 5 Step Guide
To PCI Compliance
|
|
Step One: Spot/investigate the breach
The PCI DSS Self Assessment Questionnaire is an excellent way to spot or investigate a data breach, whether or not your organization is currently PCI compliant.
In the case of Bananas.com, it was months before they realized that a breach had taken place.
For TJX, it took several years after the breach for the company to realize that 45.7 million credit card numbers had been compromised. The company is still reeling from paying out settlements, upwards of 40 million dollars, for class-action suits against them.
If your organization is hit by a data breach, the first thing to do is to detect where the breach occurred, by looking at all of the IT departments, including network and systems, Internet activity or whether there has been a physical theft of a computer or computer hard drive. Additionally, utilizing and monitoring intrusion detection systems (IDS) can give vital information on data breaches.
Once your organization has determined the type of breach and what sector it affects, it's time to determine the scope and size of the damage from the data breach.
This data breach assessment includes:
- The number of customers affected.
- Systems that are damaged or infected by malicious intrusions, if applicable.
- The exact type of data breach-Was it credit card numbers? Social Security Numbers? Vital statistic information? Address and telephone numbers?
- Projected amount of cost to repair the damage from the organization perspective and, most importantly, the customer aspect.
- A complete list of compromised accounts
- Decisions as to whether to monitor, freeze or close affected accounts, if applicable.
- Blocking and reissuing credit cards, if needed
- Monitoring and studying affected accounts
- Determining fraud patterns
 Print this page
 Send this page to a friend
|
|
