CK Incident Response Process - Operator

The following process should be followed in any situation where a customer or operator may feel there has been a security incident with a kiosk. This process is meant to help you gather data that will be passed to the 365 Retail Markets Incident Response Team (IRT) for review. In all situations it is important to contact 365 Support to have the situation documented and a case created for investigation. This is essential to demonstrate that 365 Retail Markets and the operator have exercised due diligence to protect the consumer PII and Card Holder Data.

  1. Contact 365 Support at 888-365-6282 and open a ticket with the initial information supplied by the host location.

  2. Contact the person(s) reporting the incident and complete the Consumer Incident Questionnaire and provide back to Support or Security.

  3. Provide a full list of potential consumers who may have been impacted by the reported incident. If several people refuse to provide the information for the Consumer Incident Questionnaire, at least provide the Kiosk User name(s) and the total number of impacted consumers.

  4. Using the CK Physical Security Audit, review the kiosks at the host location for any tampering. Take photos of the following listed components and provide them to the 365 Security Team.
    1. Outside of the Credit Card Reader
    2. Kiosk Lock / Encasement
    3. Inside of the Credit Card Reader (Where applicable)
    4. Card Reader USB cable (Where applicable)
    5. Screen of the kiosk if the CK Application is not displayed
  1. Review the DVR Footage. When an incident is reported, it is vital to review video footage of the date and time the incident was reported or suspected to have occurred. If no DVR is in place, the operator of the kiosk should contact the local company and request that this footage be reviewed, and the same process be followed.

Based on kiosk accessibility, Security may ask to replace the computer within the kiosk. This is not an indication of an actual incident but may speed up the incident response process. 

In some situations the operator may decide that it is necessary to replace the computer to build confidence with the host location. They need to contact 365 Support to schedule the process. This is only recommended in specific situations, and they should exercise caution. Some consumers may view a computer replacement as an indicator of an incident, even if one did not occur. 

If an actual incident did occur the 365 Retail Markets IR team will contact the operator to discuss the desired disclosure process that follows local and state laws.