Bad Actors Targeting WebTrac 3.1 sites without ReCAPTCHA for PayTrac
Default Subject
We cannot overstate the importance of acting on this alert. Please take this alert seriously. Failure to act may result in WebTrac payments no longer working.
Please read the following and take action IMMEDIATELY if any of it applies to your current RecTrac set up. Contact Vermont Systems Support if you have any questions. We're happy to help!
What is the problem?
Bad Actors have found a way to access credit card processing functionality and test forged or stolen credit cards in WebTrac. While no PayTrac customer has been compromised we see the potential risk and have remedied it.
Why is this important?
Should hackers utilize the credit card processing capabilities of WebTrac at your Department, your credit card processor could be forced to Shut down your online credit card payment for a period of time.
Note your customer's data and card information are safe with your PayTrac processor. The bad actors are using your system to test cards they have obtained somewhere else.
What has been done?
We added ReCAPTCHA v2/ I am not a robot to all screens where a credit card number can be applied/processed throughout WebTrac to prevent bad actors from easily utilizing your WebTrac credit card processing capabilities.
What do I need to do?
-
If using Paytrac - Update to RecTrac 3.1.10.09.01 immediately. To get the update please log onto the sFTP site and download the patch files from the File Updates And Drivers\RecTrac\3.1\Updates\3.1.10\Builds\Setup_3.1.010.09.01.exe. Refer to the 3.1.10.09.01_documentation *If fully hosted with Vermont Systems you are already on the most current version of RecTrac.
-
Implement new Public an Private reCAPTCHA v2 API keys from Google. Vermont Systems supports reCAPTCHA V2 /I am not a Robot. Refer toVermont Systems Knowledge Base KA-01399 - 3.1 Adding WebTrac reCAPTCHA Public and Private Keys in RecTrac. If you already have ReCAPTCHA in place skip to step 4. If you are fully hosted or WebTrac only hosted with Vermont Systems, we will provide you with the keys. Create a case with support or use the online chat and we will give you those keys. If you host your own Web Server, you will need to follow the KB article above to acquire keys.
-
Update your WebTrac checkout screens. If you use custom web checkout screens, these need to be Deleted or recreated to accept the new ReCAPTCHA fields (When in doubt delete). Once complete process a test transaction all the way through. You should now see the ReCAPTCHA on the screen before being able to submit payment. If you do not use custom check out screens skip this step.
- ReCAPTCHA will also be present on the following screens, so we encourage you to review these other areas of WebTrac if applicable.
- WebTrac screens to review under Processing: WebCheckout, ProcessingPrompts
- WebTrac screens to review under Management:, WebBillingUpdate, WebAutoDebit, WebContactUs, TeeTimeProcessing & SAHouseholdAdd
-
We cannot overstate the importance of taking action if you take payments in WebTrac. Please take this alert seriously. Having reCAPTCHA setup may be a requirement to use Webtrac in a later 3.1.10.08.XX build so take steps now and avoid payment processing interruptions.