Authorize.NET MD5 hash end of life - what’s next?

As the day when Authorize.NET stops supporting MD5 hash draws near, we decided to put together the answers to the most frequently asked questions about this change. We hope we will also be able to answer the million-dollar question - what to do next?

What does “MD5 has an end of life” mean for me?

Authorize.NET, a global payment service provider, is switching from MD5 hash to SHA-512 hash and Signature Key to serve as the transaction verification mechanism. For you as a merchant running a web store and using Authorize.NET as one of the payment methods, this change means that you will not be able to receive payments via this service without an update.

Why does Authorize.NET remove MD5 hash?

MD5, a cryptographic hash function, has been found not secure enough to be used for transaction verification. MD5 has certain serious vulnerabilities that may make outside attacks possible. Such an insecure cryptographic mechanism can no longer be used for payment transactions.

Will my web store be affected?

If your web store is built on the Magento platform, it may be affected. The upcoming change of Authorize.NET verification mechanism will affect the following Magento versions:

  • Magento Commerce 1.14.x
  • Magento Open Source 1.9.x
  • Magento Commerce 2.0.x - 2.3.x
  • Magento Open Source 2.0.x - 2.3.x
  • Magento Commerce Cloud 2.0.x - 2.3.x

Therefore, if you are using any of the above versions in your web store, your payment accepting feature will be affected by this change.

When will this change occur?

According to the official announcement by Authorize.NET, it will switch its production environment to SHA-512 on March 28, 2019. After this date, the MD5 hash will no longer be processed, and you will not be able to accept payments via Authorize.NET if you have not updated your payment gateway.

What should I do to continue accepting payments via Authorize.NET?

The first way to keep your payment feature working is to apply the patch provided by Authorize.NET. That will do the trick, however, working with patches requires certain coding knowledge and experience. With no professional developers on board, applying the patch properly may become a challenging task.

Another solution is to use our Authorize.NET Magento 2 extension that already supports SHA-512 as the transaction verification tool. The Authorize.NET extension by Pronko Consulting will ensure that your payments continue to be processed after March 28, 2019, with no additional effort on your side. You only need to install the extension and configure it in your web store.
The main features of our Authorize.NET extension include:

  • Support of the new Signature Key (SHA-512) hash
  • Support of all credit and debit cards
  • Comprehensive Order Management
  • Advanced configuration settings
  • Authorization and Charge transactions
  • Service isolation approach

The Authorize.NET extension is compatible with Magento Open Source 2.1, 2.2 and 2.3 and Magento Commerce 2.1, 2.2 and 2.3. For you as the merchant, this means that no matter which of the Magento core product variations you have selected to build your web store, the Authorize.NET extension will work with it.

If you have any questions regarding this extension or need assistance in installing and configuring it, contact us for professional advice.