Hi folks,
We received an email from Authorize.net regarding a number of changes that will take place in September. I can forward the email if you want to see the contents. The email points to a blog at:
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Production-Certificate-Upgrades-begin-May-27-2015/ba-p/50430?utm_campaign=2015%20Technical%20Newsletter%20to%20Merchants.html&utm_medium=email&utm_source=Eloqua
We wonder if Shopsite is following these changes and are prepared for them. We currently run ShopSite® Pro 12 sp1 r4.0.1, and will move to 12, sp2 when it is available.
Thanks in advance.
Authorize.net changes
3 posts
• Page 1 of 1
Authorize.net changes
by FredW » Sun Aug 30, 2015 9:32 pm
- FredW
- Posts: 188
- Joined: Mon Apr 02, 2012 2:07 pm
Re: Authorize.net changes
by ShopSite David » Mon Aug 31, 2015 12:15 pm
There's been a recent email from Authorize.net referring to 4 items. The short answer is you should be good to go for this year. One change they are making (turning off TLS 1.0 in 2016) will require an upgrade to ShopSite v12 sp2 coming out later this year. Here's a more detailed response.
1) "As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.
These upgrades were already completed on secure.authorize.net in May"
This is not an issue since ShopSite uses secure.authorize.net, not api.authorize.net see:
http://support.shopsite.com/KBase/questions/2566/
2) "In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order... Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters"
We don’t anticipate there will be a problem, there are no expectations of the Authorize.net transaction IDs being sequential or limited to 10 characters within ShopSite. We have not seen that we can test this in Authorize.net's sandbox servers.
3) "As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible."
This will require upgrading to ShopSite v12 sp2 which will support TLS 1.1 and 1.2. We anticipate releasing this version before the end of the year for most of our supported platforms.
4) "Last, but not least, we previously announced our Akamai implementation plan and timelines."
ShopSite has tested against Authorize.Net’s Phase 1 new transaction URLs that are already using the Akamai system and have not encountered any problems. We do not anticipate any issues when Authorize.net switches their current production URLs over in June 2016, and because they are moving over the existing URLs automatically, no changes will need to be made to ShopSite settings for that switchover to occur.
http://support.shopsite.com/KBase/questions/2568/
1) "As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.
These upgrades were already completed on secure.authorize.net in May"
This is not an issue since ShopSite uses secure.authorize.net, not api.authorize.net see:
http://support.shopsite.com/KBase/questions/2566/
2) "In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order... Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters"
We don’t anticipate there will be a problem, there are no expectations of the Authorize.net transaction IDs being sequential or limited to 10 characters within ShopSite. We have not seen that we can test this in Authorize.net's sandbox servers.
3) "As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible."
This will require upgrading to ShopSite v12 sp2 which will support TLS 1.1 and 1.2. We anticipate releasing this version before the end of the year for most of our supported platforms.
4) "Last, but not least, we previously announced our Akamai implementation plan and timelines."
ShopSite has tested against Authorize.Net’s Phase 1 new transaction URLs that are already using the Akamai system and have not encountered any problems. We do not anticipate any issues when Authorize.net switches their current production URLs over in June 2016, and because they are moving over the existing URLs automatically, no changes will need to be made to ShopSite settings for that switchover to occur.
http://support.shopsite.com/KBase/questions/2568/
- ShopSite David
- Site Admin
- Posts: 316
- Joined: Fri Aug 04, 2006 1:30 pm
- Location: Utah
Re: Authorize.net changes
by FredW » Mon Aug 31, 2015 2:05 pm
Thanks again David. We will be adopting sp2 ASAP for other reasons.
Your reply and time is appreciated.
Fred
Your reply and time is appreciated.
Fred
- FredW
- Posts: 188
- Joined: Mon Apr 02, 2012 2:07 pm
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 68 guests