How to Respond and Recover From a Payment Card Breach

How to Respond and Recover From a Payment Card Breach

Last year, there were over 408 million breached records across 1,063 publicly disclosed security incidents.

Payment card breaches can lead to severe repercussions, from regulatory penalties to long-lasting damage to your company’s reputation.

If your organisation falls victim to a payment card breach, it’s vital you respond quickly and effectively to contain the breach and reduce its impact. In this blog post, we take you through a step-by-step guide on how to do just that. 

Step 1 – Identify and Contain the Breach

As soon as a payment card breach has been discovered, you will need to identify the source and contain the breach to prevent any further damage. If you don’t have in-house resources with the skills to do this, it’s important to bring in an experienced third-party firm that can do this for you. Every step of this process should be documented for analysis and potential legal requirements.

Step 2 – Deploy Your Incident Response Plans

Once the breach has been contained, you’ll need to deploy your incident response plans. These plans should have been created prior to the breach, and detail the actions and roles that will be taken following an incident.

If your organisation doesn’t have any incident response plans or skills in-house to manage the breach, they should look to bring in a professional firm. Having a breach handled efficiently and effectively is vital when it comes to containing the impact.

Find out more about Incident Response Planning >>

Step 3 – Disclosing the Breach

As soon as you become aware of the breach, you will need to make the following bodies aware:

-Your payment processor

– Your bank

– Visa or Mastercard

– The ICO – where relevant

Under the PCI DSS, the timeframe for reporting a payment card breach can depend on the card brand, and your agreement with the acquiring bank or payment processor. Visa require breaches to be reported within three working days. MasterCard say “A customer must notify Mastercard immediately when the customer becomes aware of an ADC Event or Potential ADC Event in or affecting any system or environment of the customer or its Agent.”

Under the General Data Protection Regulation (GDPR), in the case of a personal data breach, the controller shall without undue delay and, where feasible, report the breach no later than 72 hours after having become aware of it.

Step 4 – Informing Affected Customers

If you want to maintain your customer’s trust, you’ll need to notify them as soon as possible. You should keep them informed on the cause of the breach, what data has or may have been compromised, and any steps they should take to protect themselves (contact their bank, cancel their card, check for suspicious activity).

Step 5 – Investigate the Breach

Once the immediate crisis has been handled, you’ll need to conduct a thorough investigation as to how the breach occurred and identify the full extent of the damage. The payment brands may require an independent forensic investigation to be completed by a PCI Forensic Investigator (PFI) listed on the PCI SSC website.

PCI Forensic Investigation is a specific type of investigation conducted by an approved PFI to determine the cause and extent of a payment card data breach.

The main objective of a PFI is to identify how the breach occurred, assess the scope of the breach and the volume of card data at risk, and provide recommendations for remediation and prevention of future incidents.

Find out more about PCI Forensic Investigations >>

Step 6 – Implement a Recovery Plan

Using the findings from your investigation, you’ll need to develop and implement a recovery plan. This plan should detail how you will strengthen your security procedures, implement more robust security measures, and improve staff awareness to help identify and prevent any further breaches.

Conducting regular security audits and vulnerability scans is recommended in order to identify any potential weaknesses and vulnerabilities.

Step 7 – Continuous Monitoring and Improvement

Following a payment card breach, it’s vital to continuously monitor your environment to ensure that no further breaches occur, and that the measures you have implemented are effective.

Regularly reviewing and improving your security protocols and incident response measures can help you keep on top of the cyber risks you face, and ensure you have effective controls in place when it comes to responding to an incident.

Cyber Incident Tabletop Exercises are commonly used as a way to test your current incident response procedures, processes and policies.

By running through scenarios in a controlled environment, these exercises are a great way to identify any gaps or weaknesses in an organisation’s existing incident response plans and develop better strategies for responding to an incident.

Find out more about Cyber Incident Tabletop Exercises >>

Effectively Respond and Recover from a Payment Card Breach

A payment card breach can severely affect an organisation’s reputation and bottom line, but by responding effectively and implementing robust incident response measures, businesses can reduce the impact of the breach, protect their customers, and safeguard against future cyber incidents.

3B Data Security are one of only a handful of globally approved PFI companies certified by the PCI SSC and payment card brands to help merchants forensically investigate and recover from a compromise of cardholder data.

Our senior consultants have been Qualified Security Assessors (QSA) since 2008, and have been investigating cardholder data compromises for Visa and MasterCard since 2007.

Our expert team have investigated hundreds of cardholder data breach investigations and have the skills and experience to help organisations of any size contain a breach and mitigate future incidents.  

Find out more about how we can help you respond and recover from a payment card breach >>

If you think you’ve suffered from a breach and need immediate support, you can get in touch with our team now.

We operate 24x7x365 across the UK and globally.

Call us on 01223 298333 or out of hours on 01223 298338 or email us at