On September 29, 2015, the PCI Security Standard Council (PCI SSC) issued guidance regarding data breach responses for merchants and service providers who process payment cards. The PCI SSC is a global forum founded by card brands (American Express, Discover, JCB, MasterCard, and Visa), and it is responsible for the development and management of the data security standards (i.e., the PCI-DSS and the PA-DSS standards) required by the card brands’ security programs. The new guidance includes the PCI SSC’s recommendations on: (i) how to prepare in advance of an incident to reduce risks and costs; and (ii) engaging and working with a Payment Card Industry Forensic Investigator (PFI) following a cardholder data breach.
Continue Reading PCI Security Standards Council Issues Guidance on Responding to a Data Breach