What should I do in the event of a data compromise?
The risk of an information compromise incident is always present, and that is why you need to have in place a security incident response plan that is adequate for your business environment. This way you can minimize the impact on operations, as well as losses in the event of a compromise.
Visa must be notified immediately regarding any information compromise incident at a processor, merchant or service provider, and immediate action must be taken to mitigate and limit exposure.
If a Visa Member fails to immediately notify Visa LAC regarding suspicion or confirmation of theft or loss of any transaction information, the Member would be subject to penalties.
The Security Compromise Incident Response Guide is a useful tool containing information regarding the steps that must be followed to implement security incident response procedures.
By implementing the Visa AIS Program Security Standards you can minimize the risk of security compromise incidents.
To contact Visa in connection with an information security compromise, please email us at lacrmac@visa.com.
Penalties for Non-Compliance with AIS
Failure to comply with the AIS program requirements or to correct security vulnerabilities might result in:
- Fines at Visa's discretion
- Merchant restrictions, or
- Permanent prohibition for merchant or service provider from participating in the Visa system