Effective: 06/30/2008


(Downloadable Version)

e-Commerce Incident Report


In the event of a possible credit card data compromise: isolate but do not alter affected data, machines, and systems; notify Business Affairs immediately; and complete the following information for NOVA Information Systems.

Merchant Name:  

Merchant ID #:

Date of Incident:

What is the transaction date range associated with the compromise accounts?

What credit card data was compromised? 

How did the compromise occur? 

What are the compromised systems?

Has all possible evidence been preserved?

How many credit cards were involved?

Were officials notified, and if so, which department/agency?

What software and what version are you running? 

Are you PCI Compliant?

Was your system storing track 1 or track 2 data? 

Was your system storing CVV/CVC 2 data? 

What steps have been taken to remediate the risk/vulnerabilities?

Actions Taken:
Actions Pending:
Contact Information: 

Bank Use Only: