PDF Request Tracking

 

This website would like to use cookies to store information on your computer which will help us customize our interactions with you our customer. More information about cookies and your choices can be found in our Privacy Policy.

Please choose accept so we can deliver you the best customer service.

 

Support

FICO Product Support is committed to providing accurate and professional technical service for FICO software solutions. Our team is dedicated to helping every client achieve their business objectives and maintain a competitive edge by providing the highest quality service and assistance.

heartbleed-flat

Please read the updated message below from FICO Product Support on the Heartbleed issue:

1:55 PM on April 14th, 2014

FICO has remediated all publically facing systems for the Heartbleed vulnerability.

As of Friday, 4/11/2014, all customer facing systems were patched, tested and rescanned for the Open SSL vulnerability known as Heartbleed. FICO has re-issued certificates for all affected systems. Over the weekend, the FICO IT also reset all systems within a scheduled window of opportunity to minimize the effect on our customers’ production systems. This system maintenance and restarting of services was a last step to ensure that the patches put in place solved the vulnerability and that the solution did not hinder the systems in an unanticipated way.

FICO IT continues to proactively scan all systems for vulnerabilities and has processes in place to act swiftly if any problem should arise. We continue to work with our technology partners to assist in monitoring their products and interfaces with all FICO products and services to ensure security for our customers across all of our solutions offerings.

As mentioned in an earlier communication, if you currently use OpenSSL in your environment for any FICO or non-FICO products, you should address the solution within your environments. Particularly we recommend executing the patch and then changing certificate keys or issuing a new certificate with a different key. Applying the latest patch and generating new certificates effectively remediated this vulnerability at FICO, but there is more to do if you are a consumer of one of the estimated 500 million web sites impacted. Changing your personal password on sites such as Yahoo, YouTube, Gmail, Facebook, Tumlr or Flickr now will ensure your personal web accounts are protected. Please note that Phishing emails have started to appear which attempt to convince a user to change his or her password by clicking a link in the email, don’t do it. Go directly to the providers website to change your password.

More (technical) information and patching method for the security flaw can be found on http://www.heartbleed.com.

12:22 PM on April 11th, 2014

FICO continues to monitor its systems for any signs of the OpenSSL vulnerability and has been updating all systems with the appropriate patches. FICO Global Technology, Product Support, and Security groups continue to work together to address this issue and support our clients.

A few general questions that have come in from our clients include:

  • Which environments were effected?
    Only a few of the client facing environments were effected and were the first environments scanned and patched by FICO IT.
  • How was that determined?
    FICO has employed security tools, manual inspection, and consultation with 3rd-party products used within FICO to determine any exposure to the OpenSSL vulnerability.
  • How will they be fixed?
    Remediation efforts were handled through first patching all technologies within FICO that leverage an affected version of OpenSSL. New security certificates have been deployed to all potentially impacted environments. A thorough security scan for the OpenSSL vulnerability was then executed to ensure that the vulnerability was no longer exposed.
  • When will they be fixed (timeline)?
    Deployment of patches to close the OpenSSL vulnerability has been completed for most FICO environments. New certificate issuance and validation scanning are currently underway.
  • Impact/Risk of the bug on these environments to our clients.
    FICO has no evidence at this time that the OpenSSL vulnerability was exploited and has acted promptly to mitigate the risk. We continue to investigate to identify any exposure.

As mentioned earlier, more (technical) information and patching method for the security flaw can be found on http://www.heartbleed.com.

12:22 PM on April 11th, 2014

With the disclosure of the OpenSSL vulnerability, FICO has taken the following steps to address this security flaw. We have confirmed with all product managers and application support owners the presence and version of OpenSSL. From that information we have assessed risk and remediated where appropriate. Where a vulnerable version has been identified, remediation steps have been taken to patch the issue and change the certificate key or issue a new cert and key where appropriate. Where 3rd party products are in use, we have been confirming with vendors their position as regards to this vulnerability and have been mitigating as needed. Scanning and further assessments of all systems will continue until this issue is resolved.

FICO Global Technology, Product and Security groups continue to work together to address this issue and support our clients. More (technical) information and patching method for the security flaw can be found on http://www.heartbleed.com.

12:24 PM on April 10th, 2014

Dear Valued FICO Customer,

A critical flaw in OpenSSL, a library used for encrypting communications in a number of web servers, was disclosed on April 7. This problem has been named Heartbleed and affects web-servers using this library to encrypt web communications (also referred to as HTTPS or SSL), potentially allowing an attacker to intercept and gain access to communication data thought to be hidden and secure.

This issue is being addressed by FICO for ALL hosted solutions. However, if you currently use OpenSSL in your environment for any FICO or non-FICO products, you should address the solution within your environments.

Heartbleed affects specific versions of OpenSSL only. Only versions 1.0.1 through 1.0.1f (inclusive) are vulnerable; older versions (before 1.0.0) and newer (1.0.1g and above) are not vulnerable. If you are running an affected version of OpenSSL and one of the technology stacks that might be affected, you should move forward assuming your system could potentially have been compromised. Particularly we recommend executing the patch and then changing certificate keys or issuing a new certificate with a different key.

More (technical) information and patching method for the security flaw can be found on http://www.heartbleed.com.


This concludes our information on the Heartbleed Bug



FICO Product Support is committed to providing accurate and professional technical service for FICO software solutions. Our team is dedicated to helping every client achieve their business objectives and maintain a competitive edge by providing the highest quality service and assistance.

FICO Online Support
FICO offers all licensed clients use of a secured, self-service Web portal for Product Support, FICO Online Support. FICO Online Support allows users to self help on their issues 24 hours a day, 7 days a week. By using FICO Online Support clients can open, review, update and close their cases, as well as find solutions in the FICO Knowledge Base to common questions. To obtain your FICO Online Support credentials, please contact us by emailing support@fico.com.

To log into FICO Online Support >

Adeptra legacy Support
For Adeptra customers requiring product support:
Australia Helpdesk: 1 800 090 106
United Kingdom Helpdesk: 0800 107 7874
North America Helpdesk: +1 866 866 0384
You may also contact us at: customer-support@adeptra

TITANIUM / DM9 and PLATINUM Support
Titanium / DM9 support, please call: (703) 621-9167
For legacy CR Software PLATINUM support, please call: (703) 934-9060
You may also contact us for support by emailing support@fico.com
To open a new case via the FICO Online Support Portal click here
To review old cases (prior to June 4, 2013) or transfer files on the CR Software portal click here

FICO® Score Support *
For current business clients and financial institutions with FICO® score product questions, please contact ScoreSupport@fico.com.*
Additional FICO® score product information is available for scoring clients on the following site:

FICO® Score Support
This password-protected site is reserved for the users of FICO® scores and other credit bureau-based solutions. The site includes various support tools such as validation charts, product descriptions and other support material. If you would like access to this site, and do not have a login and password, please contact us at scoresupport@fico.com

myFICO Support
Consumer inquiries should be directed to myFICO Support Center or 1-800-319-4433.

Credit Bureau Scores Products
This password-protected site is reserved for the users of FICO® scores and other credit bureau-based solutions. The site includes various support tools such as validation charts, product descriptions and other support material. If you would like access to this site, and do not have a login and password, please contact us at scoresupport@fico.com

*Consumer inquiries should be directed to myFICO Support Center or 1-800-319-4433.

Support Centers

North America

6am-5pm PST

Telephone (toll free): 1-877-4FI-SUPP

South America

9am – 5pm Brazil

Telephone: 1-(415)-446-6185
Brazil (toll free): 0800-891-6146

Europe, Middle East & Africa

8:30am-5pm UK

Telephone: 44-(0)-870-420-3777
UK (toll free): 0800-0152-153
South Africa (toll free): 0800-996-153
Fax: 44 (0) 870 420 3778

Asia & Australia

9am – 5:30pm Singapore

Telephone: 1-(415)-446-6185
North China (Beijing): 10800-713-1444
South China (Shanghai): 10800-130-1404
Australia (toll free): 1-800-467-862