Jump to content
marleyman

Authorize.net updates and enhancements email notice

Recommended Posts

I have an osCommerce 2.3.1 Website and I'm using Authorize.net Credit Card AIM - Version: 1.0 (online status), Info API Version: 3.1
I am also using a SHA-2 signed SSL Certificate.

I  got this notice from Authorize.net below.
Do you know if anything needs to be changed on their osCommerce site because of this?
Thank you for any help you can give me!


----- Forwarded message from "Authorize.Net"  
<info@payment.authorize.net> -----
     Date: 26 Aug 2015 12:15:52 -0400
     From: "Authorize.Net" <info@payment.authorize.net>

Trouble viewing this email? View it in your browser  
<http://app.payment.authorize.net/e/es.aspx?s=986383348&e=951905&elq=79f5ee6dbe9c4ca4898a1b0b6ea93486>.

Dear Authorize.Net Merchant:

Over the next few months, there are several updates and enhancements  
we are making to our systems that you need to be aware of. They are  
all technical in nature and may require the assistance of your web  
developer or shopping cart/payment solution provider.

Please read this notice carefully, and if you need to find a developer  
to help you, please check out our Certified Developer Directory at  
www.authorize.net/cdd.


Security Certificate Upgrades to api.authorize.net
---------------------------------------------------
As part of our continuous upgrades to enhance system performance and  
security, on September 21, 2015, we are upgrading api.authorize.net to  
new security certificates, which are signed using Security Hash  
Algorithm 2 (SHA-2) and 2048-bit signatures.

These upgrades were already completed on secure.authorize.net in May.  
If your website or payment solution connects to api.authorize.net and  
any updates are necessary to use the new certificates, please refer to  
this blog post in our Developer Community  
(http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Production-Certificate-Upgrades-begin-May-27-2015/ba-p/50430), which has all of the certificate information you and your developer will need for this update. Our sandbox environment has already been updated so that you can validate that your solution will continue to work using SHA-2 signed certificates, prior to September  
21st.

After the update is complete on September 21st, any website or payment  
solution that connects via api.authorize.net that cannot validate  
SHA-2 signed certificates will fail to connect to Authorize.Net's  
servers.


Transaction ID Changes
----------------------
In October of this year, due to system updates, it will be possible to  
receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are  
not in sequential order.

Currently, if you receive a Transaction ID of "1000," you could expect  
that the next Transaction ID would not be less than 1000. However,  
after the updates, it will be possible to receive a Transaction ID  
less than the one you previously received.

If your system has any functionality that expects  
Authorize.Net-generated IDs to be sequential, please update it  
immediately so that you will not see any disruptions to your solution.

Additionally, please make sure that your solution does not restrict  
any Authorize.Net ID field to 10 characters. If you are required to  
define a character limit when storing any of our IDs, the limit should  
be no less than 20 characters.


TLS Remediation for PCI DSS Compliance
--------------------------------------
As you may already be aware, new PCI DSS requirements state that all  
payment systems must disable TLS 1.0 by June 30, 2016. To ensure that  
we are compliant ahead of that date, we will be disabling TLS 1.0  
first in the sandbox environment and then in our production  
environments. Both dates are still to be determined, but please make  
sure your solutions are prepared for this change as soon as possible.

For more information, including updates to the dates we anticipate  
disabling TLS in each environment, please refer to our previous blog  
post at  
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Authorize-Net-begins-TLS-1-0-Remediation-for-PCI-DSS-compliance/ba-p/51326. We will also send another email about TLS once we have a final date in  
place.


Akamai Reminder
----------------
Last, but not least, we previously announced our Akamai implementation  
plan and timelines  
(http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Important-Authorize-Net-Networking-Change/ba-p/51272). Using Akamai's technology will provide Authorize.Net a superior level of reliability, as it helps safeguard against interruptions caused by issues beyond our direct control, such as Internet congestion, fiber cable cuts and other similar  
issues.

If you have not already, please review the announcement and the Akamai  
FAQs at http://www.authorize.net/support/akamaifaqs/to determine what  
action you should take for your particular solution.


Thank You
---------
Thank you for your attention to this important email. We appreciate  
your ongoing business and are excited to bring you the benefits and  
reliability that these changes will provide.

Sincerely,
Authorize.Net



***You have opted to receive Administrative Announcements or Technical  
Notices for your payment gateway account. To unsubscribe, log into the  
Merchant Interface and click Account from the main toolbar. Then click  
User Profile from the menu on the left. Select Edit Profile  
Information and uncheck the email types you do not want to receive.  
Click Submit to save any changes.

For information on Authorize.Net communications and how we handle  
customer information, please see our Spam Policy at  
http://www.authorize.net/company/spampolicy/and Privacy Policy at  
http://www.authorize.net/company/privacy/. Please do not reply to this  
email.

© Copyright 2015. Authorize.Net. P.O. Box 8999, San Francisco, CA  
94128-8999. All rights reserved. All other marks are the property of  
their respective owners.
 

Share this post


Link to post
Share on other sites

Any authorize module will work. If it uses a url of secure...., it should be changed to secure2... You also want to make sure your ssl cert is setup for SHA-2. They are also talking about doing away with TSA 1.0 connections, though that is not required until next June. Hosts like to keep TLS 1.0 active for compatibility reasons but if authorize.met changes before next June, which they say they will, it may create a problem. You need to talk to your host about this though you may want to wait until authorize.net decides when they will make the change.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×