The PCI DSS v3.2 Self-Assessment Questionnaires require that all merchants have an Incident Response Plan, regardless of their size, volume of transactions or the extent to which they have outsourced the handling of payment card data. This is to make sure they can respond effectively in the event of a breach that could impact payment card data.
To help your merchants understand what they need to do if they are breached, we have prepared this factsheet, which describes how businesses can prepare for, recognise, and respond to a data breach.
Merchants can make use of our Security Incident Response Plan Template to help them fully define and document their Incident Response Plan.
We hope you will share this guidance with your business customers to help them be ready to deal with a breach and fulfill PCI DSS requirement 12.10.1.
If you are a merchant that requires technical or PCI DSS help, please click here.