We would like to share with you the following security alert with respect to a critical vulnerability affecting OpenSSL. This vulnerability could potentially compromise the security of secure websites. Exploiting this vulnerability malicious users can read or steal protected information (user, password, card numbers, personal data,…).

1. Are Ogone Payment Services vulnerable?

No. Ogone Payment Services were never exposed to the “OpenSSL Heartbleed” vulnerability. Therefore all information stored on the Ogone servers is unaffected by OpenSSL Heartbleed.

2. Is my webshop vulnerable ?

Even though the Ogone platform is secure and not vulnerable, your webshop might be vulnerable, depending on the software used.

3. What should webshop owners do ?

We recommend for webshop owners to take the following actions:

  • Contact your IT department, vendor or service provider to test the vulnerability of your platform and, if necessary, upgrade your systems.
  • Renew all SSL certificate(s) that were stored on your systems, if they were vulnerable
  • Once the new certificates are issued and installed, revoke the old ones
  • bly recommend or request all users to change their passwords

For more information, please visit the following websites:

[1] https://www.openssl.org/news/secadv_20140407.txt

[2] https://www.us-cert.gov/ncas/alerts/TA14-098A