Select Page

Finding out that you have been breached can throw your entire organization into crisis mode. The subsequent response may seem chaotic, scary, and overwhelming; but dealing with a breach—and being prepared to deal with a breach—can go a long way in ensuring your organization survives the aftermath. 

Breaches happen whether you’re prepared or not and whether you’re PCI compliant or not. In fact, during a typical 8 hour workday, 1,850,832 data records are lost or stolen. Rather than treating the issue as an if, universities should be preparing for when. Coming to terms with the fact that you are a prime target for a breach is the first step. From there, you can begin to craft a response team and protocol that minimizes negative fallout, including financial, legal, or reputational damage. 

According to the Ponemon Institute, data breaches within the education industry in the U.S. cost $245 per record lost—a number that exceeds the worldwide average by $45 or 22.5%. Preparing for the worst means creating containment and remediation protocol that can be activated when a breach occurs. 


If a breach occurs, the first thing to focus on is containment. It’s essential that you do not turn off or power down computers, terminals, or other network equipment. This can destroy digital forensic evidence that will be needed to fix the breach and to address and resolve issues to prevent future attacks. Instead, disconnect routers, terminals, modems or any other equipment that touches (uses, stores, transmits, accesses) sensitive customer information from both the internet and the network.  

Finding the Root of the Problem

Uncover how your organization may have been compromised: 

  • Direct hack of the internal network

  • Malware attack or viruses via infected websites or email

  • The use of default login credentials on a system or network

  • Through a vendor, online shopping cart provider, or web host that has remote access to your network and was breached

This can get complex as you may have to reverse map out the point of breach through several campus units and merchants. While the first review involves looking at outside sources of the hack, it’s also important to analyze employees and business units. The humans behind the computers are prone to error and carelessness. In some unfortunate cases, they are prone to deliberate nefarious acts, so all avenues should be considered. Evaluate whether staff may have accidentally or intentionally disclosed credentials or information about a merchant processing account with unauthorized parties. Look into potential failures to follow protocol, policies, and procedures on handling sensitive payment information. 

Identifying the Scope of the Problem

By honing in on the source of the breach, you can not only put a stop to it but more accurately determine how long information was at risk. At this point, an impact analysis should be completed to identify the complete scope of compromised data, including how much and what kind of information may have been compromised. Information to consider includes: 

  • Payment data (card account numbers)

  • Payment card security numbers (CVV2, PIN, etc)

  • Payment card expiration dates

  • Cardholder names

  • Contact information (physical addresses, email addresses, social security numbers, passport numbers, tax information, etc.)

Also identify the exposure time frame, though note that in may be longer than originally thought. Often credit card companies and banks will send notifications about a potential breach, though this timeframe is based on limited information. 


In terms of remediation, there are several steps your university should walk through. During this time, it’s important not to “hide” the fact that a breach has occurred. Have a PR response primed and ready, as any perceived dishonesty will only serve to further any reputational damage. Additionally, hiding or withholding evidence of a breach can result in hefty fines from regulators

Preserving Evidence

Digital evidence of a breach must be preserved to determine the source and cause of a compromise, as well as what was stolen. Earlier, we mentioned that you should not turn off any systems, but to isolate them from the network. Additionally, you should: 

  • Not log on to compromised systems (or access or update systems in any way)

  • Document any and all components involved in the compromise (servers, databases, PCs, terminals, etc.) 

  • Document all actions taken to contain and remediate the breach and be sure to include dates, times, participating individuals, and details around the actions performed

  • Preserve any logs (database logs, firewall logs, web logs, etc.) as well as any other evidence available

Enacting a Notification Plan

When a breach occurs, your university should have a notification plan in place to alert all relevant parties that a compromise has taken place. This plan should consider, at a minimum, the following parties: 

  • IT/IS departments and any incident response teams

  • Acquiring bank/merchant bank

  • Merchant services provider

  • Third party providers (web hosting, POS vendors, other payment services providers)

  • Relevant manufacturers (e.g. if the breach stemmed from a compromised POS terminal, contact the manufacturer)

  • Legal counsel to determine whether additional notifications are mandated (e.g. local or Federal law enforcement agencies, affected parties, etc.)

Completing a Forensic Investigation

Depending on what information was compromised and how, you may be required to complete an independent investigation through a PCI Forensic Investigator (PFI). A PFI audit usually must be engaged within a certain time frame and their report must be submitted within specific parameters as well. 

Safety in Numbers

Security and PCI compliance require ongoing vigilance. The breadth of responsibilities can sometimes be overwhelming for universities that consist of multiple campuses, business units, and merchants. 

Achieving the full breadth of data protection often calls for the help of a trusted partner that is experienced in helping higher education institutions remain PCI compliant and secure. Thankfully, Arrow Payments can be that partner. Get in touch to see how we can help keep you secure. 

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

The Evolution of Higher Education Cyber Attacks

The Evolution of Higher Education Cyber Attacks

Higher education faces unique challenges when it comes to cybersecurity. Data breaches and ransomware attacks continue to plague colleges and universities, though most have taken steps to combat these threats. Even so, a recent report by cybersecurity company...

Guarding Against Payments Fraud

Guarding Against Payments Fraud

Payments fraud is a serious and ongoing challenge for treasury practitioners, requiring an increasing amount of vigilance and foresight. According to the 2023 AFP Payments Fraud and Control Survey, 65% of organizations reported being victims of payments fraud in 2022,...

Cultivating Emotional Intelligence in Leadership

Cultivating Emotional Intelligence in Leadership

We’ve discussed how emotional intelligence (EQ) makes you better at business. We’ve even talked about how EQ and payments are tied together. This article explores why EQ is crucial for leaders to possess. Yes, technical skills and a strategic mindset are valuable...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery