Suspect you’ve been compromised?

We'll help you respond.

Security guidelines

Overview

In the event of a data breach, respond quickly. Contact your acquiring bank immediately.

Response checklist

Follow these steps if you believe you’ve been compromised

Stay alert and monitor all systems that have cardholder data or may have connections to the cardholder data environment.
Don’t log in or change passwords on the at-risk systems. Don’t log in as ROOT.
Detach the at-risk system from the network by unplugging the cable. Do not turn it off.
Change secure service identification on the access point and all systems using a wireless connection, except the at-risk systems.
Save all logs and electronic evidence.
Keep a record of all actions taken.

Notify your internal information security group and incident response team.
Notify your acquirer.

This should be done within 3 business days of the incident. See Appendix A of the What to Do If Compromised guidelines for the report template.

Deliver all potentially compromised Visa, Interlink, and Plus account numbers within 10 business days. Visa will distribute the numbers to issuers and safeguard confidentiality.

Note: Visa and your acquirer will determine whether to conduct an independent forensic investigation.