Reporting PCI DSS-related incidents

Merchants must take the following steps in the event of a breach, including when it is suspected that payment card data has been exposed, lost, stolen, or misused.

Steps to follow

If you are a merchant and need to report a breach:

  1. Immediately contact IT Security at 613-562-5800 ext. 5000.  
  2. Report the incident to your immediate supervisor.  
  3. Report the incident to the Access to Information and Privacy Office (AIPO) by phoning 613-562-5800 ext. 1851 or by sending an email to the AIPO.
  4. If physical damage is apparent in an area where a POS is located or payment card data is stored (such as due to, but not limited to, vandalism or a break-in), contact Protection Services at 613-562-5411. If you discover something suspicious on or inside a device, carefully move all POS terminals to a secure area. Do not touch anything else; consider the area a potential crime scene.