Advisory Notification – Dejavoo PTP Encryption

As previously informed, during our routine security monitoring it was discovered that some Dejavoo Gateway powered terminals were Point to Point Encryption disabled and/or not activated for the service (“P2P Encryption” and “P2P Key”) due to incorrect configuration in the TPN parameters. We promptly addressed this matter by taking corrective measures to rectify the configuration errors on your behalf. On the affected devices, we updated the TPN configurations to the correct parameters and settings.

Since our last update, the vast majority of the terminals that were processing without the P2PE key have been encrypted and are now processing transactions securely. As we continue to run our security monitoring, we discovered that there are very few devices that have not been updated and/or encrypted through the Auto Download and Auto RKL process. These terminals have been identified and will require manual intervention to complete the encryption process in order to prevent the transmission of unencrypted data to the gateway.

For terminals that require manual intervention, we are reaching out to our partners advising which merchants need to be contacted. If requested and authorized by our partner, Dejavoo will reach out to the affected merchants to make sure the encryption is completed. Please note that as the majority of the terminals have been updated automatically, not all customers need to be notified, only those partners who have affected terminals will be contacted.

We reassure you that, to date, no security incidents or concerns related to this matter have been reported. We thank you for your continued trust in our services. Should you have any questions or require further assistance, please do not hesitate to contact our customer support team.