Kiosk Incident Process - Operator

The following process should be followed in any situation where a customer or operator may feel there has been a security incident with a kiosk. This process is meant to help gather data that will be passed to the 365 Retail Markets Incident Response (IR) team for review. In all situations it is important to contact 365 Support to have the situation documented and a case created for investigation. This is essential to demonstrate that 365 Retail Markets and the Operator have exercised our due diligence to protect the consumer and card holder data.

  1. Contact Support at 888-365-6282 and open a ticket with the initial information supplied by the host location.

  2. Contact the person(s) reporting the incident and complete the “Consumer Incident Questionnaire” and provide back to Support.

  3. Provide a full list of potential consumers who may have been impacted by the reported incident. If several people refuse to provide the information for the “Consumer Incident Questionnaire” at least provide the Kiosk User name(s) and the total number of impacted customers.

  4. Review the kiosks at the host location for any tampering. Take photos of each of the listed components and provide to Support.
    1. Outside of Credit Card Reader
    2. Kiosk Lock / Encasement
    3. Inside of Credit Card Reader (where applicable)
    4. Card Reader USB cable (where applicable)

Based on kiosk accessibility Support may request to replace the computer within the kiosk. This is not an indication of an actual incident but may speed up the incident response process.

In some situations the operator may deem it necessary to replace the computer to build confidence with the host location. If this is desired, please contact Support to schedule the process. This is only recommended in specific situations, and caution should be exercised. Some consumers may view a computer replacement as an indicator of an incident, even if one did not occur.

If an actual incident did occur the 365 Retail Markets IR team will contact the operator to discuss the desired disclosure process that abides by local and state laws.