Another Major Cardholder Data Breach
April 3, 2012
By now, most of us have heard the news about the recent cardholder data breach in a major payment processor's network. Reportedly, up to one-and-a-half million card numbers were compromised by "unauthorized access." Visa has subsequently removed the processor from its registry of compliant service providers. Here are a few key items to consider when news like this surfaces:
- A data breach at a payment processor can have widespread effects. Processors are a major link in the payment processing chain. The good news is that, as reported, no merchants' systems were compromised. In this case, you, as a merchant, have no responsibilities for notifying your customers of any potential data loss. However, if at any time you are advised that you are part of a breach, remember that 48 states have data security laws requiring notification to customers within specific timelines.
- The decision by Visa to remove (at least temporarily) this processor from its list of compliant service providers may have an impact on your campus. This is not the first time a major processor has been "delisted"; in the earlier case, it took several months for the processor to be re-listed. If you have any questions about this, I suggest you talk to your Acquiring Bank about your specific circumstances. Acquiring Banks are responsible for merchant compliance. As always, it is important to review the lists of approved service providers (i.e., Visa and Mastercard) on a regular basis.
- One-and-a-half million cards may seem like a large number, but similar breaches in the past have affected many more cardholders. While the remediation process plays out, some of those affected cards might be used for payments to your campus. This may cause you to experience a higher-than-usual number of failed transactions.
This breach reminds us all to be prepared. PCI compliance and prevention of a data breach are important to your campus. But breaches can happen to anyone. It is critical to have a plan in place for what happens when the breach alarm goes off—the steps you would go through to manage the crisis and speed an eventual recovery.
Thanks for reading this Special Edition.