Important Authorize.net Technical Updates

Discussion in 'Payments processing' started by jbround39, Aug 25, 2015.

  1. jbround39

    jbround39 aMember Pro Customer

    Joined:
    Mar 20, 2008
    Messages:
    61
    I got an email today that discusses three changes to Authorize.net in addition to the previously discussed Akamai change. Will any of these changes affect aMember 4.4 or aMember 3.x?

    Security Certificate Upgrades to api.authorize.net
    As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.

    These upgrades were already completed onsecure.authorize.net in May. If your website or payment solution connects to api.authorize.net and any updates are necessary to use the new certificates, please refer to thisblog post in our Developer Community, which has all of the certificate information you and your developer will need for this update. Our sandbox environment has already been updated so that you can validate that your solution will continue to work using SHA-2 signed certificates, prior toSeptember 21st.

    After the update is complete on September 21st, any website or payment solution that connects viaapi.authorize.net that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net's servers.

    TLS Remediation for PCI DSS Compliance
    As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 byJune 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible.

    For more information, including updates to the dates we anticipate disabling TLS in each environment, please refer to our previous blog post. We will also send another email about TLS once we have a final date in place.

    Transaction ID Changes
    In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.

    Currently, if you receive a Transaction ID of "1000," you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one you previously received.

    If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions to your solution.

    Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters.
    lucky_ray likes this.
  2. pjman

    pjman Member

    Joined:
    Oct 18, 2013
    Messages:
    37
    Got to wait for Alex to chime in here too. Based on what I see, if you are using a CIM integration, your good. The other forms might have an issue with if haven't upgraded Tls in a while.
    lucky_ray likes this.
  3. moonlitnight

    moonlitnight New Member

    Joined:
    Aug 22, 2010
    Messages:
    1
    Good news if the majority of us using CIM integration will not require any changes. Please keep us posted here or let us know the thread for more info...
    Thanks, Michael
  4. jsalatas

    jsalatas aMember Pro Customer

    Joined:
    Mar 31, 2014
    Messages:
    7
    What about SIM?
  5. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    1,660
    These changes do not affect aMember plugins.
    lucky_ray likes this.
  6. jbround39

    jbround39 aMember Pro Customer

    Joined:
    Mar 20, 2008
    Messages:
    61
    Is this true for sites not using CIM or for aMember 3.x?
  7. lucky_ray

    lucky_ray aMember Pro Customer

    Joined:
    May 27, 2013
    Messages:
    31
    Thanks for asking this question. I received that e-mail and was about to ask it myself.

Share This Page