My processor said I need to ensure my software supports 2048-bit certificates.
Monetra has supported connecting to servers that use 2048-bit certificates since its first release 13 years ago. When Monetra connects to a processing institution, that institution is acting as the server and is responsible for advertising a valid and secure certificate to any client that connects, such as Monetra. The certificate size is not something Monetra can control; it simply needs to support what the server (the processing institution) advertises.
It is unclear why any payment processor may have continued to use 1024-bit certificates. The security community has strongly urged the use of 2048-bit certificates for many years. The most probable reason is continued support for hardware (such as standalone terminals) with constraints that prevented it from handling 2048-bit certificates. Monetra is a software product and does not fall under these constraints.
If you have received a notice stating you need to ensure your software can support 2048-bit certificates, there is nothing further you need to do. However, that does not guarantee that you will not run into issues connecting to a processor once they change certificates. Certificates must be signed by a Certificate Authority (CA), and the CA must be listed in the CA trust list distributed with Monetra. If the CA is not present in this list, Monetra will not 'trust' the server and will therefore reject the connection. Monetra constantly updates this trust list with each release, so if there is any question you should ensure you are on the latest release. If you are unable to update your version of Monetra, request an updated trust list via firstname.lastname@example.org (please also provide the version of Monetra you are using with such a request).
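The distinction above between key size and CA trust can be reproduced offline with the `openssl` command-line tool. This is an added example, not part of Monetra or of the original FAQ: it builds a throwaway PKI and shows the same 2048-bit server certificate passing against one trust bundle and failing against another. The CA names, `processor.example`, and all file and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Every file name and subject here is constructed; none of it
# comes from Monetra or from any processor.

# Build a throwaway PKI: two root CAs, one 2048-bit server cert signed by ca_a.
make_demo_pki() {   # usage: make_demo_pki <dir>
    d=$1
    for ca in ca_a ca_b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Constructed $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=processor.example" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -days 2 \
        -CA "$d/ca_a.pem" -CAkey "$d/ca_a.key" -CAcreateserial \
        -out "$d/server.pem" 2>/dev/null
}

# Print the public key size, in bits, of a PEM certificate.
cert_key_bits() {   # usage: cert_key_bits <cert.pem>
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the certificate chains to a CA in the given trust bundle.
trusted_by() {      # usage: trusted_by <bundle.pem> <cert.pem>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# One-line verdict: key size and whether the bundle trusts the issuer.
check_server_cert() {   # usage: check_server_cert <bundle.pem> <cert.pem>
    bits=$(cert_key_bits "$2")
    if trusted_by "$1" "$2"; then
        echo "key=${bits} trust=ok"
    else
        echo "key=${bits} trust=FAILED"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir"
    check_server_cert "$dir/ca_a.pem" "$dir/server.pem"   # issuing CA is listed
    check_server_cert "$dir/ca_b.pem" "$dir/server.pem"   # issuing CA is missing
    rm -rf "$dir"
}
demo
```

To run the same check against a real deployment, pass your own trust list file and a saved copy of the processor's certificate to `check_server_cert` in place of the constructed files.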
If you have received a notice which states your product [Monetra] does NOT support 2048-bit certificates, please disregard any such notice, or send this FAQ as proof of compliance. The notice was generated using an invalid detection mechanism and should be considered a false report. It has come to our attention that First Data, specifically, has performed some tests of deploying 2048-bit certificates, and if during these test timeframes NO connection was established from a merchant, it is assumed there was an issue with the merchant. However, these tests could simply have fallen in timeframes when the merchant was closed, had internet issues and failed over to dialup, or was otherwise not sending transactions. There is no definitive way for First Data to tell if such merchants were actually having issues due to the server certificate length. These notices were then sent out via First Data's ISOs such as Wells Fargo and BAMS.
Finally, as always, we strongly encourage all users of Monetra to run the latest version of Monetra. Though it may not have any bearing on the notice received by many users, it may contain other fixes and security patches which do affect the merchant's ability to process in a secure manner.