If you believe your Merchant Account has been breached, please:
- Notify OSC within 24 hours of a known or suspected security breach at the email addresses below:
- Be prepared to provide OSC with the following information:
- Merchant Account Number
- Capture Method information (website address, POS terminal, 3rd party gateway, etc.)
- Details concerning breach (scope, severity, etc.)
- OSC will notify and provide First Data with all necessary information
- First Data will work directly with card brands and provide all necessary communication back to OSC
- All communication from card brands and First Data will come through OSC to Merchant Card Participant
- Merchant Account will be temporarily suspended until breach is resolved
- Whenever a press release regarding the occurrence of a security breach is warranted, OSC should be consulted first, in order to coordinate the timing of the release with any other notifications that may be required
- When reporting a security incident to OSC, all pertinent details of the incident are to be provided to assist OSC in making an assessment of the seriousness and extent of the incident. Any credit card data provided to OSC as part of the assessment process shall be transmitted in a secure encrypted manner
Further information can be found at NC OSC Policy 500.10.