Skip to navigation content (Press Enter).

PCI HPP Security Standard

The following standard details the minimum security requirements for integration of Moneris Hosted Pay Page (HPP) into e-commerce websites for the purposes of credit card payment processing.


This standard applies to any server that provides access to an external payment page for the purpose of credit card transaction processing.

Standard for deploying secure and PCI compliant hosted pay page servers

PCI Compliant hosted pay page servers must comply with the guidelines for deploying secure servers.  Additionally:

Perform regular risk assessments:

System Administrators must perform the following risk assessments:

  • Malware scans: Weekly
  • System risk assessment: Quarterly and as part of change management
  • Application risk assessment: Quarterly and as part of change management
  • Perimeter risk assessment: Annually
  • Value risk assessment: Annually
  • Physical risk assessment: Annually
  • Third party assessment: annually where applicable

All web page and application development that has integration with Moneris HPP must follow the principles and practices detailed at the Open Web Security Project (OWASP) website for development, testing and code review -

When using Moneris HPP the security feature of referring URL must be used to ensure transaction results can only return to authorized pages.

Service Bulletins

Citrix Receiver Client Update

UTS asks Citrix users to upgrade Citrix Receiver Client to the most current version by February 28, 2017. See UTS Citrix website for installation and removal information.

Mosaic Upgraded Interface

Service Desk

Client Self Service:
Hours: Monday - Friday
8:30 am - 4:30 pm
Phone: 905-525-9140 x24357 (2HELP)
Location: Main Campus BSB Rm. 245
Service Catalogue:

Great Idea Site

Great Idea