SUPEE-9767 Security Patch has been released. It addresses the following:
Multiple critical security enhancements. These updates help close access control bypass, CSRF, and authenticated Admin user remote code execution vulnerabilities.
Support for MasterCard BIN number expansion. MasterCard recently added a new series of Bank Identification Numbers (BIN). While certain Magento versions already support the new BINs, merchants using the following versions must upgrade or apply a patch by June 30, 2017 or face potential fines from MasterCard and lost sales.
Open a ticket and have us patch your site ASAP so your system is able to accept the new Mastercard BIN numbers.
** Important update a version 2 of SUPEE-9767 was released and is recommended to be installed. The fix includes several security vulnerabilities. Many of the fixes relate to admin permissions, but there are some related to checkout and shipping.