Skip to main content
 
 

Case Studies

Plastic Bag Packaging Company:  eCommerce Merchant Aided in Reporting Suspected Data Breach

Delivering the Right Information at the Right Time to the Right Regulating Authorities is No Easy Task

 
A California company in the business of providing plastic bag packaging products, services and solutions through their eCommerce website began receiving numerous complaints. Apparently some of their customers’ payment cards were being used to make unauthorized foreign purchase transactions shortly after making purchases of their plastic bags.
 
The company took a number of preliminary actions, including an internal technology review. This prompted outreach to the company’s software developer, website hosting company, payment gateway and merchant card processor.
 
When a compromise event occurs, a plethora of federal, state and other regulations must be followed with event reporting made to a wide variety of governing bodies based on individual breach or suspected breach circumstances. Reporting compliance is complicated, confusing and stressful, plus the stakes are high as customers are affected and reputation is at risk. 

CSR Breach Reporting ToolKit to the Rescue

Fortunately, the company’s payment card processor offers CSR Breach Reporting ToolKit as a value-added service. With a simple toll-free telephone call, expert help ensured timely and accurate reporting of the suspected breach to the appropriate authorities, mitigating the company’s risk related to any potential financial, civil and criminal penalties.
 
“CSR Breach Reporting ToolKit is an excellent value-add to our basic merchant offering; it’s an insurance policy that gives our clients access to compliance professionals when they really need it,” states the payment card processor’s senior vice president. “It’s really a differentiating service that’s essential to our customers’ business welfare.”
 
Information Compromised:

  • eCommerce Transactions
  • Customer name
  • Customer purchase address
  • Customer shipping address
  • Payment card number
  • Payment card expiration date
  • Payment card CVV code

 

Tattoo and Piercing Studio:  Merchant Rescued from Data Breach Reporting Pain and Frustration

Timely and Accurate Data Breach Reporting is Essential to Mitigate Risk Related to Potential Financial, Civil and Criminal Penalties

 
The owner of a tattoo and piercing studio in New York State had an unfortunate traffic experience that exposed several types of non-electronic Personally Identifiable Information (PII) which required immediate action.
 
The studio owner was on the way to the bank to deposit his weekly cash sales. Inside a satchel strapped to the back of his motorcycle was not only the cash, but checks, credit card receipts with non-truncated account numbers, as well as medical liability release forms with customer date of birth, social security number and health history information.
 
Unfortunately, the satchel was not securely attached to the motorcycle and fell off in-route. The owner retraced his route to no avail — the satchel was nowhere to be found. Besides losing money, the resulting PII data compromise became a serious business issue. 

CSR Breach Reporting ToolKit to the Rescue

When a compromise event occurs, a plethora of federal, state and other regulations must be followed with event reporting made to a wide variety of governing bodies based on individual breach circumstances. In a nutshell, compliance is tough and can leave a merchant reeling without help.
 
Because the tattoo and piercing studio’s payment processor offers CSR Breach Reporting ToolKit as a value-added service, the right information was delivered at the right time to the right authorities. “We’re always looking to provide valuable services to our merchants and our experience with CSR Breach Reporting ToolKit has been just that,” reports the chief operating officer for the studio’s payment processor. “Our merchants don’t have the knowledge or wherewithal to report a compromise, and it’s a relief to know expert help is just a phone call away to insure that everything is taken care of properly.”
 
Information Compromised:

  • Checks
  • Credit card receipts
  • Medical liability release forms