In Case of Compromise

This section helps you to understand what you should do to prepare for and what action to take, should your organization suffer an information security breach. 

Incident response procedure for account compromise

The risk of theft or data compromise is an ongoing challenge. As 100 percent security cannot be guaranteed, it is necessary to have an incident response plan in place that is tailored to your business environment, in order to minimize disruption or losses to business operations in the event of an incident.    
The 'What To Do If Compromised' is a useful guide containing: information on the steps needed to develop and implement effective security response procedures; how to define and quantify a security breach; the actions to take; and whom to contact.

Download the 'What To Do If Compromised' document

By adhering to the appropriate security standards as defined in Visa's Account Information Security (AIS) program, the risk of security incidents occurring may be minimized.

Remember should a leak of account information occur you must advise your acquirer and Visa immediately.
Visa and your acquirer will help you minimize the potential for your customers' accounts being used fraudulently.

What you should do

If you experience a suspected or confirmed security breach, you should: 

1. Immediately contain and limit the exposure
To prevent the further loss of data, conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of the compromise.
To facilitate the investigation:
  • Do not access or alter compromised systems (i.e., don't log on at all to the machine and change passwords, do not log in as ROOT)
  • Do not turn the compromised machine off. Instead, isolate compromised systems from the network (i.e., unplug cable)
  • Preserve logs and electronic evidence
  • A backup should also be performed on the system to maintain the current state of the system to facilitate the post-mortem and forensic investigation later
  • Log all actions taken
  • If using a wireless network, change SSID on the AP and other machines that may be using this connection (with the exception of any systems believed to be compromised)
  • Be on HIGH alert and monitor all Visa systems.

2. Contact Visa International Fraud Control & Investigations