Payments
go to Evonet
Start typing to search…

What to Do if Your Merchant Environment Is Compromised

If you know or suspect that your EVONET account, credentials, website, application, server, plugin, API integration, or any payment-related or personal data has been compromised, you must act immediately to contain the issue and prevent further unauthorized activity.

Immediate actions required

Contain the incident immediately

Take immediate steps to stop further unauthorized access or misuse. This may include disabling affected user accounts, rotating passwords and API credentials, suspending impacted payment flows, isolating affected systems, or temporarily pausing refund or settlement activities where appropriate.

Notify EVONET without delay

Inform EVONET as soon as possible through your designated account manager or merchant support contact. Your notice should include the nature of the incident, the systems or credentials affected, the suspected timeline, and the actions already taken.

Preserve logs and evidence

Keep all relevant records, logs, screenshots, alerts, order records, refund records, and customer communications. Do not delete or overwrite information that may be needed for investigation or compliance review.

Assess the scope of impact

Determine whether the incident affects your EVONET portal access, integration credentials, website, application, transactions, refunds, customer data, or other connected systems. You should also identify the impacted period, affected payment methods, and any suspicious activity.

Remediate and secure your environment

Remove malicious code, patch vulnerabilities, replace compromised credentials, review access permissions, and validate that your payment flow is secure before resuming normal processing.

Cooperate fully with EVONET

You must cooperate fully with EVONET, its partners, and any required investigation, review, or remediation process. EVONET may request additional information, supporting records, or technical validation before restoring or continuing services.

Resume processing only when the issue is resolved

Do not resume affected services until the incident has been properly contained and remediated, and any further requirements communicated by EVONET have been satisfied.

Merchant responsibilities

Merchants remain responsible for maintaining secure systems, protecting credentials, using approved integrations only, complying with applicable law and payment scheme requirements, and ensuring that their business activities, products, services, URLs, apps, and selling channels remain accurate, lawful, and approved by EVONET. Merchants must also maintain transparent refund and customer support arrangements and cooperate with EVONET monitoring and compliance reviews.

Important note

Where necessary to protect the payment ecosystem, comply with legal or scheme obligations, or manage fraud, security, or compliance risk, EVONET may suspend services, settlements, or access while enquiries are conducted. EVONET’s policies also require merchants to maintain anti-fraud and compliance controls, and its data protection policy requires reasonable security arrangements to protect personal data from unauthorized access, loss, misuse, modification, or disclosure.

Updated about 10 hours ago