Skip to main content
University of Wisconsin-Stevens Point > Financial Operations > Merchant Credit Card Incident Reporting

​Credit Card Incident Reporting

Any questionable or suspicious activity should be reported immediately to the UWSP Information Security Office via email Information.Security.Office@uwsp.edu or by phone during normal work hours (715) 346-4408.

In the event of a breach or suspected breach of security, the department or unit must immediately notify the Information Security Office and PCI Team. The Information Security Office's response must meet the requi​rements of UW System Administrative Policy 1033, if warranted by type the incident.

Email: Information.Security.Office@uwsp.edu Phone: 715.346.4408

Office: Student Services Center, Room 106

Mail:    Information Security Office 106 SSC, UWSP

1108 Fremont Street Stevens Point, WI 54481

 

After initial notification, the UWSP Information Security Office will assess the incident and notify relevant stakeholders including:

  • Campus Police
    • Assess security camera footage of merchant location in the event of a substituted/tampered card processing device. Initiate investigation if internal personnel involved (insider threat)
  • The processing bank of the merchant and third-party service providers
    • Notify incident type (breach, ecommerce skimming, tampered/substituted card processing device, card testing attack) and the start/end date and time
  • Effected customers
    • Notify customer that their payment card data may have been compromised. Include date and unique identifier of transaction(s).

​The Information Security Office and PCI Team will assess possible continuality of operations procedures based on the payment channel type to alleviate disruptions to the merchant's business processes. This may include utilizing another in-place ecommerce payment channel, processing telephone orders on an approved cellular device, or utilizing another merchant's solution. If a third-party service provider is unable to rectify their solution in a timely manner, the PCI Team & Information Security Office will explore long-term alternatives in conjunction with the effected merchant(s).

​The Information Security Office and PCI Team reserve the right to conduct tabletop exercises periodically to perform an assessment of the incident response plan and possible continuality of operations procedures with relevant stakeholders (Campus Police, merchant coordinators, cashiers).​
Copyright © 1993- University of Wisconsin-Stevens Point and University of Wisconsin Board of Regents