Authorize.net changes.. will they affect Hikashop?

-- url of the page with the problem -- : n/a
-- HikaShop version -- : latest
-- Joomla version -- : latest
-- PHP version -- : latest
-- Browser(s) name and version -- : na

Hello,

We just got this in the email and wanted to see if any actions need to be taken on our end or on yours.

Many thanks..

_____________

Important Authorize.Net Technical Updates

Your Payment Gateway ID: XXXXX
Dear Authorize.Net Merchant:

Over the next few months, there are several updates and enhancements we are making to our systems that you need to be aware of. They are all technical in nature and may require the assistance of your web developer or shopping cart/payment solution provider.

Please read this notice carefully, and if you need to find a developer to help you, please check out our Certified Developer Directory at www.authorize.net/cdd .

Security Certificate Upgrades to api.authorize.net

As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.

These upgrades were already completed on secure.authorize.net in May. If your website or payment solution connects to api.authorize.net and any updates are necessary to use the new certificates, please refer to this blog post in our Developer Community, which has all of the certificate information you and your developer will need for this update. Our sandbox environment has already been updated so that you can validate that your solution will continue to work using SHA-2 signed certificates, prior to September 21st.

After the update is complete on September 21st, any website or payment solution that connects via api.authorize.net that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net's servers.

Transaction ID Changes

In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.

Currently, if you receive a Transaction ID of "1000," you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one you previously received.

If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions to your solution.

Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters.

TLS Remediation for PCI DSS Compliance

As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible.

For more information, including updates to the dates we anticipate disabling TLS in each environment, please refer to our previous blog post. We will also send another email about TLS once we have a final date in place.

Akamai Reminder

Last, but not least, we previously announced our Akamai implementation plan and timelines. Using Akamai's technology will provide Authorize.Net a superior level of reliability, as it helps safeguard against interruptions caused by issues beyond our direct control, such as Internet congestion, fiber cable cuts and other similar issues.

If you have not already, please review the announcement and the Akamai FAQs to determine what action you should take for your particular solution.

Thank You


Thank you for your attention to this important email. We appreciate your ongoing business and are excited to bring you the benefits and reliability that these changes will provide.

Sincerely,
Authorize.Net

Our clients have begun getting a new round of notices from Authorize.net. Are you able to confirm that the HikaShop Authorize.net plugin is compatible with these requirements?

Here's the text of what Authorize.net is sending out:

As you may be aware, new PCI DSS requirements state that all payment systems must disable early TLS by 2018. Transport Layer Security (TLS), is a technology used to encrypt sensitive information sent via the Internet. TLS is the replacement for Secure Sockets Layer (SSL).

In preparation for this requirement, Authorize.Net plans to disable TLS 1.0 and TLS 1.1 on the following dates:

Sandbox: COMPLETE
Production: September 18, 2017

We have disabled the sandbox in advance of production to allow you and your developer time to test your website or payment solution and ensure you are no longer using TLS 1.0 or 1.1 prior to September 18th.

Please contact your web developer or payment solution provider, as well as your web hosting company, to confirm that they can support TLS 1.2 for your API connections.

In addition, we plan to retire the 3DES cipher (a data encryption standard) in production soon. However, the date has not yet been finalized. We will notify you once it has.

Please refer your developer or solution provider to our API Best Practices for cipher recommendations, details about TLS 1.2 platform support, and other integration suggestions.