In accordance with the National Institute of Standards and Technology, data transport encryption standards have been updated to new industry-wide standards for acceptable protection of data. Moneris will be migrating to Transport Layer Security (“TLS”) and Secure Hash Algorithm (“SHA”). TLS is a protocol used to encrypt the data between your payment gateway connection point and Moneris to ensure the security of data and SHA is a hashing algorithm used to sign digital certificates. For more information on SHA or TLS please refer to the National Institute of Standards and Technology articles at: http://www.nist.gov/itl/csd/tls-043014.cfm & http://csrc.nist.gov/groups/ST/hash/policy.html November 2015 Interac Mandates EMV Acceptance Notice: Effective December 31, 2015, Interac has mandated all point of sale (POS) solutions accepting Interac Debit in Canada must be EMV chip and PIN enabled. If your current POS device does not comply with this mandate, please contact Moneris at 1-866-319-7450 for assistance. Failure to comply by the December deadline may impact your ability to accept Interac Debit until an upgrade is performed. Thank you. Need to know the latest fraud trends? Keeping abreast of new or reoccurring scams can significantly reduce or prevent losses at your place of business. Moneris Solutions is committed to keeping you informed / updated on these trends as they occur. Be sure to check this section regularly. Bash "Shellshock" Bug In light of the recent media exposure regarding the Bash “Shellshock” bug, Moneris would like to assure our merchants that their customers’ data has not been compromised on our systems as a result of this issue. Our information security team has applied all currently released security patches for all versions of Bash. We will continue to monitor our systems and apply the release of new security patches on an ongoing basis to prevent any impact to our payment infrastructure. OpenSSL “Heartbleed bug” (CVE-2014-0160) In light of the recent media exposure regarding the OpenSSL "Heartbleed bug" (CVE-2014-0160), Moneris would like to assure our customers that we have investigated and determined that our current payment infrastructure is not vulnerable to this form of attack. Your customers’ data has not been compromised on our systems as a result of this issue. Moneris’ PCI compliant network is operating on an OpenSSL version that is not vulnerable to the "Heartbleed" security issue. Phishing alerts October 2013 We have recently discovered that some of our customers are receiving fraudulent "phishing" emails, attempting to collect Moneris account credentials and prompting customers to install fraudulent files into their systems. These emails may have some of the following characteristics: They may come from a fictitious email address, such as email@example.com They provide false information, advising customers that their Moneris Virtual Terminal SSL certificate has expired. A website link is provided and customers are asked to update their digital certificate by clicking on the link. Once the link has been opened, customers are asked to install a file that is fraudulent. This link will take customers to a web page which looks like a Moneris service page, such as the Merchant Direct Login or e-Select plus login pages. If you have received one of these phishing emails, please follow these steps: Please delete the email immediately, do not click the link or enter any Moneris Login credentials. Please do not install any of the attached files. If the link has been accessed and the file downloaded, please follow these important steps: Login to your Moneris Account and change your password For Merchant Direct customers, please go to: https://www.moneris.com/mymerchantdirect For Moneris Gateway customers, please go to: https://www3.moneris.com/mpg/index.php Refer to your IT department to scan your system for any new viruses on your system Run your antivirus application If the link has not been accessed, please delete the email immediately. What is “phishing”? Phishing is a type of fraud that uses email, web pages and text messages to gather personal, financial and sensitive information for the purpose of identity theft. Most commonly, users receive spam email, text messages and pop-up windows that appear to come from legitimate businesses asking the recipient to confirm or provide personal information such as passwords, social insurance, credit card and account numbers. How can you protect your business from online threats like phishing? Be aware of the potential risks and educate yourself and your staff on how to handle them. Question the source of all email messages you receive, and call us to confirm the source of any email messages or other communications if you have any concerns. Build into your regular routine time to evaluate and update your security procedures. We provide information to assist you with here. Moneris Solutions does not ask its merchants to provide, confirm or update their records via email. We will not send emails from a third party address or link to a third party site. We are committed to keeping you informed of latest fraud trends and protecting your business. If you have any additional concerns, contact us at 1-866-319-7450.