Last updated 01/25/2023

What To Do If You're Compromised

RISK & COMPLIANCE 

Data security update: a merchant’s guide to what to do if you’re compromised

What’s a data compromise? 

A data compromise (or data breach) is a breach of security that leads to the accidental or unlawful disclosure of data you process for your customers and that criminals could use to commit fraud. The information of most value to criminals is your customers’ card numbers (PANs), card expiry dates, names, addresses and card security details such as the CVC and magnetic-stripe track data. Note that PCI DSS prohibits storing sensitive authentication data such as the CVC and full track data after authorisation, so finding it on your systems is itself a compliance failure, and its disclosure makes fraud far easier.

Your business could be a target for criminals, so don’t fall into the trap of “It won’t happen to me”. The costs for investigating and remediating a breach can be very high along with stress, anxiety and the possible disruption to your business. 

If you suffer a data breach, you may be required to have a forensic investigation carried out by a PCI Forensic Investigator (PFI) to determine the cause of the breach, and you may be required to re-attest your Payment Card Industry Data Security Standard (PCI DSS) compliance. The cost of a forensic investigation starts at around £2,500 and can easily exceed £10,000. Other costs follow the event, including card scheme penalties and the cost of achieving and maintaining PCI DSS compliance; these can be of a similar size or much larger.

It doesn’t stop there as there’s the possibility that your business may incur adverse publicity, which can lead to the loss of your customers’ trust in your brand. 

How does a data compromise occur? 

If the breach is deliberate and unlawful, criminals could gain access to your customers’ information in many ways, including: 

  • Attacking your website, your computer network or your point-of-sale (POS) equipment;
  • Through your third-party merchant agents or payment service providers (PSPs), such as your web hosting company, who may not have taken the necessary precautions to safeguard the customer data you have outsourced to them;
  • A dishonest member of staff accessing cardholder information and passing it on to criminals; or
  • Theft of terminals and terminal receipts from your premises.

How do I know if I’ve been compromised?

Merchants become aware of a breach in many ways, including system-generated incident alerts, unexpected changes to their web pages or to files on their web server, or alerts from their PSP. Most merchants, however, only find out through their customers or from their acquirer once fraud starts to occur on the compromised card data (the card schemes trace fraudulent cards back to a common point of purchase). By then the damage has already been done, but you can still take remedial action as soon as you find out to limit further damage and costs.
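The "unexpected changes to web pages or files" signal above is only useful if you have a known-good reference to compare against. The script below is an added example (not Global Payments' tooling): it takes a SHA-256 baseline of a web root, stores it in a manifest, and reports files that were added, removed or modified since. The directory layout, file names and contents in demo() are constructed, and the manifest location is an assumption.

```python
"""Baseline-and-diff check for unexpected changes to web files.

Added example (not Global Payments' tooling): takes a SHA-256 baseline of a web
root, stores it in a manifest, and reports files added, removed or modified
since. The directory layout, file names and contents in demo() are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(web_root: Path) -> dict:
    """Map every regular file under web_root (path relative to it) to its digest."""
    baseline = {}
    for p in sorted(web_root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(web_root).as_posix()] = sha256_file(p)
    return baseline


def save_baseline(baseline: dict, manifest: Path) -> None:
    manifest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(manifest: Path) -> dict:
    return json.loads(manifest.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Return files added, removed or modified relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small web root, then the checkout page is
    altered, a script file vanishes and an unknown file appears."""
    with tempfile.TemporaryDirectory() as d:
        web_root = Path(d) / "htdocs"
        (web_root / "js").mkdir(parents=True)
        (web_root / "checkout.html").write_text("<form action='/pay'></form>")
        (web_root / "js" / "app.js").write_text("console.log('ok');")
        (web_root / "js" / "vendor.js").write_text("/* vendor */")
        # Assumed manifest location; in practice keep it off the web server.
        manifest = Path(d) / "baseline.json"
        save_baseline(build_baseline(web_root), manifest)

        # Changes made after the baseline was taken (constructed)
        (web_root / "checkout.html").write_text(
            "<form action='/pay'></form><script src='//example.invalid/x.js'></script>")
        (web_root / "js" / "vendor.js").unlink()
        (web_root / "js" / "loader.js").write_text("// unknown file")

        return compare(load_baseline(manifest), build_baseline(web_root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the comparison on a schedule and treat any "modified" entry on a payment page as an incident until explained by a known deployment. Keep the baseline manifest and the script itself off the web server, or sign the manifest, because an attacker who can rewrite your checkout page can just as easily rewrite a manifest stored beside it. PCI DSS v4.0 (requirement 11.6.1) requires a change- and tamper-detection mechanism for payment pages; a check of this kind is the minimum that satisfies it.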

How can I reduce the risk of a compromise?

Ensure that not only your business is PCI DSS compliant but also all the PSPs that process your payment data are too. 

Follow these best practices to protect card data:

  • Use strong, unique passwords, and multi-factor authentication for remote and administrative access;
  • Don’t write down passwords and don’t leave vendor-supplied default passwords in place;
  • Use firewalls and up-to-date anti-virus software;
  • Install the latest patches published or supplied by your vendors;
  • Check all equipment, such as payment terminals, for tampering;
  • Restrict access to systems that handle card data to the staff who need it;
  • Be vigilant to phishing attacks; and
  • Perform regular scans for vulnerabilities.

I think I’ve been compromised - what should I do?

If you suspect that your business has suffered a data breach, there are immediate steps you can take to minimise the possible damage and achieve compliance quickly. 

If you notice any unusual activity or suspect that your business has been compromised, we strongly recommend taking the following action: 

  1. Contact Global Payments on 0345 702 3344* immediately and report the incident; 
  2. Contact your data security incident management team and follow your incident response plan; 
  3. Notify the local law enforcement agency. 

To minimise further data loss, preserve evidence and facilitate the investigation process, follow these ‘Dos’ and “Don’ts”. 

  • Don’t access, alter or delete files on the compromised system(s).
  • Don’t attempt to change passwords on the compromised system(s).
  • Don’t log in as root or any other administrative account on the compromised system(s).
  • Don’t turn off the compromised system(s): powering down destroys running processes and the contents of memory, which the investigator may need.
  • Do isolate the compromised system(s) from the network (for example, unplug the network cable or disable the switch port) while leaving them powered on.

If access to the compromised system can’t be avoided, keep detailed records of every action taken, with the date and time, and:

  • Do preserve logs (for example, security events, web, database, firewall), copying them to storage that is not on the compromised system.
  • Do change the Service Set Identifier (SSID) on the wireless access point (WAP) if you use a wireless network, and update the other systems that use that WAP, with the exception of any systems believed to be compromised.
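Preserving logs and keeping a timestamped record of actions are the two things an investigator will ask for first, and both are easy to get wrong under pressure. The script below is an added example (not Global Payments' tooling) of doing them together: each log is copied to evidence storage, hashed before and after the copy so the copy can be shown to match the original, made read-only, and listed in a manifest, while every step is appended to an action log with a UTC timestamp and the operator's name. The paths, operator name and log lines in demo() are constructed; the evidence directory is assumed to be on external or removable storage rather than the compromised disk, and the script should be run with an account that can read the logs but is not root.

```python
"""Evidence-preserving log collection with a hash manifest and action record.

Added example (not Global Payments' tooling). Assumptions: evidence_dir is on
storage separate from the compromised host; the operator name and the log
contents in demo() are constructed.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def record_action(action_log: Path, operator: str, action: str) -> str:
    """Append one tab-separated line per action with a UTC timestamp; return it."""
    line = f"{datetime.now(timezone.utc).isoformat()}\t{operator}\t{action}"
    with action_log.open("a") as f:
        f.write(line + "\n")
    return line


def preserve_logs(sources: list, evidence_dir: Path, operator: str) -> dict:
    """Copy each log into evidence_dir, verify the copy by hash, make it
    read-only, and return the manifest written to evidence_dir/manifest.json."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    action_log = evidence_dir / "actions.log"
    manifest = {}
    for src in sources:
        src = Path(src)
        original_hash = sha256_file(src)          # hash the original first
        dest = evidence_dir / src.name
        shutil.copy2(src, dest)                    # copy2 keeps the mtime
        copy_hash = sha256_file(dest)
        if copy_hash != original_hash:
            raise RuntimeError(f"copy of {src} does not match original")
        dest.chmod(0o444)                          # read-only evidence
        manifest[dest.name] = {
            "source": str(src),
            "sha256": copy_hash,
            "copied_at": datetime.now(timezone.utc).isoformat(),
        }
        record_action(action_log, operator,
                      f"copied {src} -> {dest} sha256={copy_hash}")
    (evidence_dir / "manifest.json").write_text(
        json.dumps(manifest, indent=2, sort_keys=True))
    record_action(action_log, operator, "wrote manifest.json")
    return manifest


def verify_evidence(evidence_dir: Path) -> bool:
    """Re-hash every preserved file and confirm it still matches the manifest."""
    manifest = json.loads((evidence_dir / "manifest.json").read_text())
    return all(sha256_file(evidence_dir / name) == entry["sha256"]
               for name, entry in manifest.items())


def demo() -> dict:
    """Constructed scenario: two small logs preserved from a suspect host."""
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        access = base / "access.log"
        access.write_text(
            '10.0.0.5 - - [24/Jan/2023:10:02:11 +0000] "POST /pay HTTP/1.1" 200\n')
        auth = base / "auth.log"
        auth.write_text(
            "Jan 24 10:01:58 pos sshd[412]: Accepted password for admin from 10.0.0.5\n")
        evidence = base / "evidence"   # assumed to be external storage in real use
        manifest = preserve_logs([access, auth], evidence, operator="incident-lead")
        return {
            "files": sorted(manifest),
            "hashes_match": verify_evidence(evidence),
            "access_sha256": manifest["access.log"]["sha256"],
            "action_lines": (evidence / "actions.log").read_text().count("\n"),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The hash taken before the copy is the value to hand to the investigator; re-running verify_evidence later shows the copies have not been altered since. Copy logs rather than moving them, so the originals on the compromised system stay untouched, and do not clear or rotate them afterwards.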

Monitor traffic on all systems that contain cardholder data. Be on ‘high alert’ and ensure you log all actions taken. By self-reporting any suspected breach early, you can help to reduce the impact to your business. 

If in doubt, contact Global Payments immediately on 0345 702 3344*, selecting the option for ‘all other enquiries’ and report any incidents. We’ll support you fully whilst you address the breach and ensure you can continue taking card payments.

*Lines are open from 9am to 6pm, Monday to Friday, except public holidays. If you have a speech or hearing impairment, you can call us using the Relay Service by dialling 18001 followed by 0345 702 3344*. Calls may be recorded. To help us continually improve on our service and in the interests of security, we may monitor and/or record your telephone calls with us. Any recordings remain our sole property.


Global Payments is a trading name of GPUK LLP. GPUK LLP is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (504290) for the provision of payment services and under the Consumer Credit Act (714439) for the undertaking of terminal rental agreements. GPUK LLP is a limited liability partnership registered in England with company number OC337146. Registered Office: Granite House, Granite Way, Syston, Leicester, LE7 1PL. The members are Global Payments U.K. Limited and Global Payments U.K. 2 Limited. Service of any documents relating to the business will be effective if served at the Registered Office.

Global Payments is also a trading name of Pay and Shop Limited. Pay and Shop Limited is a limited company registered in Ireland with company number 324929. Registered Office: The Observatory, 7-11 Sir John Rogerson's Quay, Dublin 2, Ireland. Service of any documents relating to the business will be effective if served at the Registered Office.

© 2023 GPUK LLP. All rights reserved.