- WCAA2012Asked on August 31, 2015 at 11:43 AM
We want to ensure we can continue to collect payments using Authorize.net through our Jotform without interruptions. Will this be the case with the following changes from Authorize.net? Thanks! ~Ellen
Security Certificate Upgrades to api.authorize.net
As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.
These upgrades were already completed on secure.authorize.net in May. If your website or payment solution connects to api.authorize.net and any updates are necessary to use the new certificates, please refer to this blog post in our Developer Community, which has all of the certificate information you and your developer will need for this update. Our sandbox environment has already been updated so that you can validate that your solution will continue to work using SHA-2 signed certificates, prior to September 21st.
After the update is complete on September 21st, any website or payment solution that connects via api.authorize.net that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net's servers.
Transaction ID Changes
In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.
Currently, if you receive a Transaction ID of "1000," you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one you previously received.
If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions to your solution.
Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters.
TLS Remediation for PCI DSS Compliance
As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that we are compliant ahead of that date, we will be disabling TLS 1.0 first in the sandbox environment and then in our production environments. Both dates are still to be determined, but please make sure your solutions are prepared for this change as soon as possible.
For more information, including updates to the dates we anticipate disabling TLS in each environment, please refer to our previous blog post. We will also send another email about TLS once we have a final date in place.
- BenAnswered on August 31, 2015 at 02:25 PM
Thank you for contacting us. I believe that this was already updated for our code when it was mentioned by them earlier this year.
However I will raise this to them to check and confirm that everything will be running properly - the required updates are in place.
As soon as they inspect this they will get back to you through this thread.
- WCAA2012Answered on August 31, 2015 at 02:31 PM
Hi Ben, thank you so much for double checking on this!
- BenAnswered on August 31, 2015 at 03:43 PM
You are welcome :)
We do keep ourselves updated, but checking it once again is always a good thing :)
- JotForm SupportNeilVicenteAnswered on September 02, 2015 at 02:56 AM
You will not have to worry or change anything on your end. Our payment integration is future-proof and is compatible with the changes being implemented or to be implemented by Authorize.Net.
If you have any other questions, please free to contact us again.
- EllenAnswered on September 02, 2015 at 09:31 AM
Neil, that's wonderful news, many thanks!
- JotForm SupportJanAnswered on September 02, 2015 at 12:52 PM
On behalf of my colleagues, you are welcome. Let us know if you need any help. Thank you.