In the event of a breach or suspected breach of security, the Merchant Department must immediately execute each of the relevant steps detailed below.
- The MDRP or any individual suspecting a security breach must immediately notify the Incident Response Team at firstname.lastname@example.org, in accordance with the Technical Incident Response Policy, of an actual breach or suspected breach of payment card information. Email should be used for the initial notification and to provide a telephone number for the Incident Response Team to respond to. Details of the breach should not be disclosed in email correspondence.
- The MDRP or any individual suspecting a security breach involving e-commerce also must immediately ensure that the following steps, where relevant, are taken to contain and limit the exposure of the breach:
- Prevent any further access to or alteration of the compromised system(s) (i.e., do not log on at all to the machine and/or change passwords).
- Do not switch off the compromised machine; instead, isolate the compromised system(s) from the network by unplugging the network connection cable.
- Preserve logs and electronic evidence.
- Log all actions taken.
- Document all conditions, personnel, and events around system at time of and leading up to suspected breach.
- Be on HIGH alert and monitor all e-commerce applications.
152 Maple Street
Marble Works, Suite 102
Middlebury, VT 05753