PCI Resources

Symptoms of Data Breaches

The following are common symptoms to look for in a data breach.

  • A system alarm or similar indication from an intrusion detection tool
  • Unknown or unexpected outgoing Internet network traffic from the payment card environment
  • Presence of unexpected IP addresses or routing
  • Suspicious entries in system or network accounting
  • Accounting discrepancies (e.g. gaps in log-files)
  • Unsuccessful logon attempts
  • Unexplained, new user accounts
  • Unknown or unexpected services and applications configured to launch automatically on system boot
  • Anti-virus programs malfunctioning or becoming disabled for unknown reasons
  • Unexplained, new files or unfamiliar file names
  • Unexplained modifications to file lengths and/or dates, especially in system executable files
  • Unexplained attempts to write to system files or changes in system files
  • Unexplained modification or deletion of data
  • Denial of service or inability of one or more users to log in to an account
  • System crashes
  • Poor system performance
  • Unauthorized operation of a program or sniffer device to capture network traffic
  • Use of attack scanners, remote requests for information about systems and/or users, or social engineering attempts
  • Unusual time of usage
  • Unauthorized wireless access point detected

Please review the POS Tampering Checklist located here and review these items weekly.

Security Breach

An ‘incident’ is defined as a suspected or confirmed ‘data compromise’. A ‘data compromise’ is any situation where there has been unauthorized access to a system or network where prohibited, confidential or restricted data is collected, processed, stored or transmitted; payment card data is prohibited data. A ‘data compromise’ can also involve the suspected or confirmed loss or theft of any material or records that contain cardholder data.

In the event of a breach or suspected breach of security, the department must immediately execute each of the relevant steps detailed below:

·         The merchant department responsible person (MDRP) or any individual suspecting a security breach must immediately notify the Incident Response Team at pcicompliance@rollins.edu, in accordance with the Incident Response Plan, of an actual breach or suspected breach of payment card information. Email should be used for the initial notification and include a telephone number for the Incident Response Team to respond to. Details of the breach should not be disclosed in email correspondence.

·         Notify the MDRP and the department head of the unit experiencing the suspected breach.

·         The MDRP or any individual suspecting a security breach involving e-commerce also must immediately ensure that the following steps, where relevant, are taken to contain and limit the exposure of the breach:

  • Prevent any further access to or alteration of the compromised system(s). (i.e., do not log on at all to the machine and/or change passwords)
  • Do not switch off the compromised machine; instead, isolate the compromised system(s) from the network by unplugging the network connection cable.
  • Preserve logs and electronic evidence.
  • Document every action you take from the point of suspected breach forward, preserving any logs or electronic evidence available. Include in the documentation:
    • Date and time
    • Action taken
    • Location
    • Person performing action
    • Person performing documentation
    • All personnel involved
    • Be on HIGH alert and monitor all e-commerce applications

·         If a suspected or confirmed intrusion / breach of a system has occurred, the Incident Response Team will alert the merchant bank, the payment card associations, Campus Safety, local authorities, Rollins College Chief Financial officer and the Chief Information Officer. A detailed incident response plan will be maintained by PCI Compliance Team.

Additional PCI Policies

PCI Policy at Rollins

Merchant Standard Operating Procedure Template

Finance Department
Rollins College
Mailing Address: 1000 Holt Ave.-2715
Winter Park, FL 32789
T. 407.646.2125
Office Location: 422 West Fairbanks Building