Merchant Alerts

Moneris Solutions USA

Discover Alert – June 6, 2016

 

   Discover Alert – June 6, 2016

 

Discover Alert – March 4, 2016

 

   Discover Alert – March 4, 2016

 

Discover Alert – November 2015

 

   Discover Alert – November 2015

 

Discover Security Alert Fall 2015

 

   Data Security & Fraud Bulletin – Fall 2015

 

Visa Security Alert March 2015

 

   "RAWPOS” Malware Targeting Lodging Merchants

 

Visa Security Alert March 2015

 

   Visa Security Alert March 2015

 

Data Security Alert February 6, 2015

 

   Discover – Data Security Alert February 6, 2015

 

Visa Security Alert October 2014

 

   Visa Alert - SSL3Poodle - October 2014

Moneris has assessed the risk of the recent security threat identified as the SSLv3 “Poodle” Vulnerability (CVE-2014-3566), and has determined the best course of action to protect our customers. This vulnerability exploits an older encryption technology known as Secure Socket Layer 3.0 (SSLv3.0) and creates a risk of unauthorized access to sensitive data.

After careful review and consideration, we will be discontinuing the use of SSLv3 for eSelect Plus US effective Friday, November 14th, 2014.

Moneris is implementing an alternative measure to prevent any impacts to transaction processing. We are enabled to support the Transport Layer Security (TLS) encryption technology versions 1.0 and above and urge all customers to connect to the appropriate test host before Friday, November 14th, 2014 to confirm successful connectivity:

Errors encountered when attempting to connect to the test host are most commonly resolved through enabling the use of the TLS at the client end and/or ensuring all connectivity is being made on more recent Internet browser versions.

Moneris has considered all options available to mitigate this security threat and has determined this to be the most effective way to maintain our commitment to data integrity and security.

Should you have any questions or concerns regarding this change, please contact the Moneris eProduct Support Team at eProducts@moneris.com

Homeland Security July 2014

 

   New Point of Sale Malware, July 2014

 

Visa Security Alert July 2014

 

   Visa Security Alert July 2014 PDF

 

Discover Security Alert July 2014

 

   Discover Security Alert July 2014 PDF

 

Phishing Alert March 2014

 

   Phishing Alert March 2014 PDF

 

Phishing Alert October 2013

We have recently discovered that some of our customers are receiving fraudulent "phishing" emails, attempting to collect Moneris account credentials and prompting customers to install fraudulent files into their systems.

These emails may have some of the following characteristics:

  • They may come from a fictitious email address, such as security@moneris.ca
  • They provide false information, advising customers that their Moneris Virtual Terminal SSL certificate has expired.
  • A website link is provided and customers are asked to update their digital certificate by clicking on the link.
  • Once the link has been opened, customers are asked to install a file that is fraudulent. This link will take customers to a web page which looks like a Moneris service page, such as  e-Select plus login pages.

If you have received one of these phishing emails, please follow these steps:

Please delete the email immediately, do not click the link or enter any Moneris Login credentials. Please do not install any of the attached files.

If the link has been accessed and the file downloaded, please follow these important steps:

  • Login to your Moneris Account and change your password
  • For eSELECTPlus customers, please go to:
    https://esplus.moneris.com/usmpg/index.php
  • Refer to your IT department to scan your system for any new viruses on your system
  • Run your antivirus application

If the link has not been accessed, please delete the email immediately.


Phishing Alert August 2012

We have recently discovered some customers are receiving fraudulent "phishing" emails which claim to contain a Trusteer Security Toolbar for the recipient. The email attempts to persuade the recipient to open a .zip attachment for details which contains a malicious .exe file that, when executed, infects the system with malicious code.

A sample email is below (links have been de-activated).

Dear Moneris E-select Plus client,

Because of the recent phishing attacks we have implemented a new security system, in order to assure your online safety every time you use our services.

The new security system is called Trusteer Moneris Toolbar, and it’s been developed in collaboration with Trusteer, the company who created the award winning security software Rapport, used by financial institutions worldwide.

The new toolbar will notify you when you visit the real Moneris.com website and will deny access to forged Moneris websites, avoiding the loss of data caused by phishing attacks.

To download the Trusteer Moneris Toolbar, please visit the following URL: (link inserted here).

Every Moneris E-select Plus client is required to download the new security toolbar.

Thank for choosing Moneris Solutions

Copyright 2012 Moneris Solutions. All rights reserved

###

If you receive an email like the one above, do NOT click on any of the links or attachments. If an email appears to be suspicious, its best to treat it as such and to contact Moneris Solutions for guidance. 

Please monitor your account for suspicious activity.  If you have any questions or concerns  contact us at 1-800-471-9511

What is “phishing”?

Phishing is a type of fraud that uses email, web pages and text messages to gather personal, financial and sensitive information for the purpose of identity theft. Most commonly, users receive spam email, text messages and pop-up windows that appear to come from legitimate businesses asking the recipient to confirm or provide personal information such as passwords, social insurance, credit card and account numbers.

How can you protect your business from online threats like phishing?

  • Be aware of the potential risks and educate yourself and your staff on how to handle them. Question the source of all email messages you receive, and call us to confirm the source of any email messages or other communications if you have any concerns.
  • Build into your regular routine time to evaluate and update your security procedures. We provide information to assist you with here.

Moneris Solutions does not ask its merchants to provide, confirm or update their records via email. We will not send emails from a third party address or link to a third party site.

We are committed to keeping you informed of latest fraud trends and protecting your business. If you have any additional concerns, contact us at 1-800-471-8511.


Phishing Alert June 2012

We have recently discovered some customers are receiving fraudulent "phishing" emails which attempt to gather their Moneris Account credentials. These emails may have some of the following characteristics:
  • From a forged email address such as "Moneris Financial Services <suspension@moneris.com>"
  • Letting you know that your "Moneris SSL certificate has expired."
  • Asking you to log in and generate and import a new digital certificate
  • Ask you to reset your password etc.

These emails typically contain a link which will take you to a web page which looks like a Moneris Service such as the Merchant Direct Login or E-Select Plus Login pages.

If you have received one of these emails, please immediately delete it. Do not click the link or enter your Moneris Login credentials.

If you clicked on the link and tried to log in, please immediately login to your Moneris Account and change your password.

For Merchant Direct Customers – Please go to:
https://www.moneris.com/mymerchantdirect

For E-Select Plus Customers – Please go to:
https://www3.moneris.com/mpg/index.php

For E-Select Plus US Customers - Please go to:
https://esplus.moneris.com/usmpg/index.php 

Please monitor your account for suspicious activity.  If you have any questions or concerns  contact us at 1-800-471-9511

What is “phishing”?

Phishing is a type of fraud that uses email, web pages and text messages to gather personal, financial and sensitive information for the purpose of identity theft. Most commonly, users receive spam email, text messages and pop-up windows that appear to come from legitimate businesses asking the recipient to confirm or provide personal information such as passwords, social insurance, credit card and account numbers.

How can you protect your business from online threats like phishing?

  • Be aware of the potential risks and educate yourself and your staff on how to handle them. Question the source of all email messages you receive, and call us to confirm the source of any email messages or other communications if you have any concerns.
  • Build into your regular routine time to evaluate and update your security procedures. We provide information to assist you with here.

Moneris Solutions does not ask its merchants to provide, confirm or update their records via email. We will not send emails from a third party address or link to a third party site.

We are committed to keeping you informed of latest fraud trends and protecting your business. If you have any additional concerns, contact us at 1-800-471-8511.


Phishing Alert May 2012

We have recently discovered some customers are receiving fraudulent "phishing" emails which attempt to gather their Moneris Account credentials.

These emails may have some of the following characteristics:

  • From a forged email address such as moneris@moneris.com or fren@moneris.com
  • Asking you to log in and update your account information
  • Ask you to reset your password etc.

These emails typically contain a link which will take you to a web page which looks like a Moneris Service such as the eSELECTplus Login page.

If you have received one of these emails, do not click the link or enter your Moneris Login credentials.

Please do the following:

  • contact our Technical Support team at 1-866-696-0488  to inform them of this email and provide any pertinent information.
  • after consulting with our support team, please immediately delete the email.
  • monitor your account for suspicious activity.

If you clicked on the link and tried to log in, please immediately do the following:

  • login to your Moneris Account, following your normal processes, and change your password as well as security questions and answers.
  • perform an audit of all existing users on your account verifying that no new users have been created and no permissions have been altered.
  • perform an audit of any recent administrative or user changes that may have been performed on your account, such as user updates, password changes, etc.
  • perform an audit of any recent access violations as well as login history.
  • update the API Token for your eSELECTplus account.  NOTE: if you have an integrated website or system, please make sure to consult with your technical team before performing this action to prevent any interruptions in transaction processing via your integrated systems.

If you require any guidance in completing any of the above mentioned preventive measures, please contact our Technical Support team at 1-866-696-0488 for assistance. 

What is “phishing”?


Phishing is a type of fraud that uses email, web pages and text messages to gather personal, financial and sensitive information for the purpose of identity theft. Most commonly, users receive spam email, text messages and pop-up windows that appear to come from legitimate businesses asking the recipient to confirm or provide personal information such as passwords, social insurance, credit card and account numbers.

How can you protect your business from online threats like phishing?
  • Be aware of the potential risks and educate yourself and your staff on how to handle them. Question the source of all email messages you receive, and call us to confirm the source of any email messages or other communications if you have any concerns.
  • Build into your regular routine time to evaluate and update your security procedures.

Moneris Solutions does not ask its merchants to provide, confirm or update their records via email. We will not send emails from a third party address or link to a third party site.

We are committed to keeping you informed of latest fraud trends and protecting your business. If you have any additional concerns, contact us at 1-800-471-9511