The key is having a plan in place to respond to the possibility of a data breach to your systems or those of the third parties storing, processing or transmitting cardholder data on your behalf.
PCI DSS is designed to reduce, if not eliminate, the risk of data a compromise. However, security can never be perfect - so it's vital to have your own incident response plan in place, tailored to your own business environment, to be able to effectively manage the ongoing risk of a possible ADC.
What to do in the case of an ADC?
If you find a compromise - or merely suspect one - you need to take the following steps:
- Make contact immediately - with your merchant acquirer, WorldPay.
- Leave compromised systems alone - don't access them or alter them in anyway. For example, don't log-on or change your passwords.
- Don't turn off compromised systems - instead, unplug any network cables to disconnect them from your network.
- Back-up immediately - carry out a back-up of your systems to preserve their current state. This also helps with any investigations at a later stage.
- Please reference the Visa CISP "What to Do if Compromised" article
Contact details for WorldPay customers
Email: PCISecurity@WORLDPAY.US
Important Information
This site is designed by WorldPay. If you've been compromised, it's vital you refer to us as your merchant acquirer.
