Security Notice: Action Required
Apache Log4j Security Patch
SSL Certificate Expiration
PayGuardian Desktop 2.3.X EOL Notice

Please review this entire announcement for a complete understanding and plan of action for the Apache Log4j Patch, the SSL Certificate Expiration, and PayGuardian Desktop (versions 2.3.X and older) End of Life Notice that may affect your end users.
SSL Certificate Expiration

BridgePay is announcing the current PayGuardian Desktop SSL certificate will expire at 7 p.m. EST on January 10th, 2022. All industry SSL certificates or "certs" now only have a one year life span and thus must be updated annually.

This SSL certificate expiration only applies to
PayGuardian Desktop 2.4.11 or older.

Users of PayGuardian Desktop 2.4.11 or older will need to update to the new SSL cert to avoid security warning pop-ups presented while trying to run a transaction. PayGuardian Desktop integrators and resellers must take action such as integration testing and end user notification to avoid processing interruptions (e.g. warning pop-ups for users).

Users of PayGuardian Desktop 2.4.12 or later will not need to take action because the software automatically downloads the updated SSL certificate.

How do I check my PayGuardian version?
Open your PayGuardian app on your desktop (select the PayGuardian icon from your Windows task bar). In the PayGuardian app, go to Help then About to view the version.

PayGuardian Desktop users will have two paths available to address the upcoming SSL certificate expiration.

1) Upgrade to PayGuardian 2.4.12 or later. The current available version is 2.4.14, which includes the latest SSL certificate and an enhancement to automatically check and download future updated SSL certs when the application is started. This is the most user-friendly option for updating these annual certs. Version 2.4.14 is available for integrators to allow for proper testing and deployment to end users. We encourage all integrators to upgrade to 2.4.14, not only for this SSL cert enhancement, but to receive the many updates available in this latest version.

2) If the integrator continues to use the existing version (2.4.11 or older), the user will need to utilize the BridgePay SSL Cert update tool, which is available for download using these instructions.

BridgePay is asking all Integrators to work towards supporting 2.4.14 to allow users to receive the user friendly automatic detection and installation of the annual SSL renewal.

Our Integrations and 24/7 Gateway Technical Support teams are here to help.

How do I contact the BridgePay Integrations team?
Our team can be reached by phone at 866-531-1460 option 4 or via our Integrations Support portal.

How do I contact the 24/7 Gateway Technical Support team?
The team can be reached by phone at 866-322-9894 or via email at gateway.support@bridgepaynetwork.com.
Apache Log4j Security Patch

The Apache Software Foundation product Log4j is a JAVA-based library used for logging error messages. On December 10, 2021, Apache released Log4j version 2.15.0 in a security update to address a vulnerability (CVE-2021-44228) affecting versions Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.14.0. Following reports of additional vulnerabilities affecting Log4j (CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832), the Apache Software Foundation has released log4j version 2.17.1.
 
BridgePay's Response to these Vulnerabilities
BridgePay has been assessing all products and services for impact from CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Affected internal systems are being remediated through our Vulnerability Management Program. Additionally, a review of our systems show there are no Indicators of Compromise (IOCs) and known malicious IP addresses have been blocked. BridgePay continues to monitor, and we have ensured our security tools are current to detect any attacks.
 
BridgePay has confirmed these vulnerabilities do not affect legacy T-Gate Gateway services.
 
Affected Products
This advisory applies only to the BridgePay products and services that include the impacted software component and may be vulnerable.
Users of version 2.4.9 – 2.4.13 can upgrade to 2.4.14 easily with the installer package available here. Those who wish to stay on the same functional version can do so by using the updated installer by executing a basic uninstall and re-install of PayGuardian. No terminal software updates needed.
 
Users of version 2.4.8 or older can upgrade to the recommended 2.4.14, but this will require a terminal software update to bring the terminal into compliance with the manufacturer standards. This is the recommended path for all users to be on the current version of 2.4.14. BridgePay is also providing a temporary patch for users on older versions (2.4.1 - 2.4.8) if the terminal software cannot be updated at this time.
 
Please visit the following landing page to assist with the appropriate downloads and instructions to complete these upgrades.

If you are a PayGuardian Desktop user 2.4.9 - 2.4.13, the available Apache patch will also include the 2022 SSL Certification. Users will be able to complete both upgrades in one step.

Our Gateway Technical Support team is here to help. The team can be reached by phone at 866-322-9894 or via email at gateway.support@bridgepaynetwork.com.
PayGuardian Desktop End of Life for Versions 2.3.X and older

BridgePay will no longer support PayGuardian Desktop versions 2.3.X and older effective March 31, 2022. The terminal software and EMV kernels used in these earlier PayGuardian versions are no longer compliant.

Please work to upgrade to the most current version of PayGuardian Desktop to ensure proper transaction processing with BridgePay.
Sign up today to access our Integration Support portal
Why do you need a log in to access BridgePay's Integration Support portal? This allows our team to better track and respond to the cases or questions you have entered into our system. The more information we have on your integration, the better we can assist you!
Coding to BridgePay has never been easier!
BridgePay's Developer Center offers our integrators all the tools needed for a simple development effort: SDKs, API documentation, samples galore and robust knowledge base.

Access our Developer Center 24/7/365 -- no login required!