Authorize.Net Direct Post Security Upgrade: Updating MD5 to SHA-512


Authorize.Net – the most popular payment gateway service provider in the world – is in the process of making a big change to how it verifies transactions, and that change impacts the business of every single one of its Direct Post users.

The company is phasing out MD5-based hashing and switching to SHA-512 signature key hashing. The last stage of the switch goes into effect on June 27th, 2019, and every business using Authorize.Net Direct Post, including BAMS users, will have to switch over before that date to avoid interruptions to their payment processing services.

To a lot of merchants, this might be a confusing topic or seem like an unnecessary hassle, but this change is an important step in keeping Authorize.Net’s transaction security on the cutting edge – something that benefits every single merchant on the platform.

 

What are MD5 and SHA-512?

MD5 and SHA-512 are cryptographic hash functions – algorithms that take data of any size and transform it into an essentially irreversible fixed-length string. In simpler terms, hash functions take any type of data – like your name or your credit card number – and turn it into a new set of letters and numbers with a fixed number of characters.

Once that new set of letters and numbers has been created, it’s mathematically so difficult to translate it back into the original data that it simply isn’t feasible. That means that users who know the translation between the original data and the hash can easily verify it, but outside parties – like hackers or other bad actors – can’t reverse the hash to get at the sensitive information it protects.

That level of security is why credit card companies and payment processors use cryptographic hashing to protect transaction data. A buyer’s complete information can be hashed and transmitted without having to worry about it being intercepted and seen by anyone who isn’t supposed to see it.

 

Why is switching from MD5 to SHA-512 worth the trouble?

Internet security is a never-ending game of cat and mouse. Hackers and bad guys are constantly figuring out new ways to break existing security protocols, and security teams are constantly figuring out new safeguards to replace the old ones.

MD5 is old technology. It was designed in 1991, and while it’s been a security workhorse for decades, it’s so old and so common that it no longer meets the level of security required to protect transaction data. MD5 has a number of weak points, not the least of which are that hackers have developed brute force attacks that can decrypt its hashes, and that it’s possible to duplicate the same hashes with different data.

SHA-512 is one of the newest hash functions in the SHA-2 family, and it has some major security benefits over MD5. The first is that, while MD5 is a 128-bit hash function, SHA-512 creates 512-bit hashes. In practical terms, what that means is that the strings of letters and numbers created by SHA-512 are 2.75x larger than the ones created by MD5 (trust us on the math). The second major benefit is that SHA-512 is collision resistant, meaning it’s much, much harder to create the same hash from two different sets of data.

The result is that SHA-512 hashing is much harder to crack than MD5, and when it comes to the sensitive payment data of your customers, that advantage is priceless.

 

What do I have to do to make sure my Authorize.Net integration is up to date?

Your two basic options are to upgrade Authorize.Net to version 2.3.1, or to apply a patch to your implementation of version 2.2.8. In either case, you’ll also need to obtain a signature key for your newly updated security.

Patching an existing Authorize.Net integration isn’t overly complex, but it might be beneficial to obtain some developer help to get the job done. 

Completing the necessary steps before June 27th, 2019 will ensure your uninterrupted ability to continue processing payments through Authorize.Net and will ensure your customers will be able to continue doing business with you with full confidence in the security of their sensitive data.  
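To show what the signature key is for, here is an added example (not code from Authorize.Net, BAMS or any integration) of a merchant-side check that recomputes a SHA-512 keyed hash over response fields and refuses MD5-sized values. It assumes the signature key is hex text used as an HMAC-SHA512 key; the three-field caret layout and the names sha2_hash, trans_id and amount are illustrative assumptions, and all values are constructed.

```python
import hashlib
import hmac

# Constructed sample values: not a real signature key, login ID or transaction.
SIGNATURE_KEY_HEX = "0123456789abcdef" * 8      # 128 hex characters = 64-byte key
LOGIN_ID = "exampleLogin"


def keyed_sha512(key_hex, login_id, trans_id, amount):
    """HMAC-SHA512 over caret-delimited fields (assumed layout), as upper-case hex."""
    key = bytes.fromhex(key_hex)                # key is handed out as hex text
    message = f"^{login_id}^{trans_id}^{amount}^".encode("utf-8")
    return hmac.new(key, message, hashlib.sha512).hexdigest().upper()


def verify_response(key_hex, login_id, response):
    """Return True only when the response carries a valid SHA-512 keyed hash."""
    received = str(response.get("sha2_hash", ""))
    # A 32-character value is an MD5-sized digest: refuse it, never fall back.
    if len(received) != 128:
        return False
    expected = keyed_sha512(key_hex, login_id,
                            response.get("trans_id", ""), response.get("amount", ""))
    # Constant-time comparison does not reveal how many characters matched.
    return hmac.compare_digest(expected.encode(), received.upper().encode())


def sample_responses():
    """Constructed responses: genuine, amount altered in transit, legacy MD5 only."""
    genuine = {"trans_id": "40000000001", "amount": "19.99"}
    genuine["sha2_hash"] = keyed_sha512(SIGNATURE_KEY_HEX, LOGIN_ID,
                                        genuine["trans_id"], genuine["amount"])
    tampered = dict(genuine, amount="1.99")     # hash no longer matches the fields
    legacy = dict(genuine, sha2_hash=hashlib.md5(b"legacy").hexdigest().upper())
    return {"genuine": genuine, "tampered": tampered, "legacy": legacy}


if __name__ == "__main__":
    for name, resp in sample_responses().items():
        print(name, verify_response(SIGNATURE_KEY_HEX, LOGIN_ID, resp))
```

The field list that is actually hashed depends on the integration method, so take it from the gateway's documentation rather than from this sketch.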

 

Check out our Authorize.net Certified Integrations and learn more about BAMS. Our low-price guarantee and unique five-point price comparison process ensure that partnering with BAMS will not only make your payment processing easier, it’ll also help boost your company’s profitability.

 

Choosing a gateway? Make Sure You Get a Free Authorize.net setup!


Authorize.net is well-known to e-commerce sites since it is the biggest payment gateway serving this market. It is stable, robust, and includes many security features. This ensures that it will remain the favorite for the foreseeable future.

What is less well-known is that Authorize.net enables online payments in other situations as well. Thanks to this capability, you can use it to accept credit cards in offsite locations like fairs and shows. There, you can use a card reader that attaches to your mobile device or even use your onscreen keyboard to enter customer information.

You’ll also find that Authorize.net’s security features give you all of the customization you need in order to meet your specific needs. Properly tweaking the settings will allow your system to automatically reject the orders that you deem likely to be fraudulent while automatically processing those that pass the checks.

Getting the Authorize.net Payment Gateway

If you deal online, your payment processor should automatically offer you an Authorize.net gateway. However, there is a big difference between the processors when it comes to the details. In particular, you need to know that the cost is not the same across the board. Some charge a substantial amount for the gateway setup, while others include it with their main accounts for free.

To learn more about Authorize.net and how it can help your brick-and-mortar operations as well as your e-commerce site, just contact us. We’ll be glad to tell you about it and all of our other relevant payment processing services.

Tips to Help Prevent Chargeback Fraud


All chargebacks are frustrating, but it’s even worse when they happen because of fraud. Then, you not only lose the transaction but the merchandise as well. This alone is enough reason to make sure you stop fraud before you send out any products. Here are some of the ways that you can armor your online store against fraudulent purchases:

The Zip Code Check

These checks are basic, but they block a surprising number of suspicious transactions. One of the most standard is to collect the would-be buyer’s name and address. Then, use a shopping cart that sends that information to Authorize.net along with the credit card number. Set your Authorize.net account to compare the zip code on file with the credit card company against the one you were given. If they don’t match, it automatically declines the transaction.

Have Proof of Shipment

One of the most common ways to commit chargeback fraud is for the criminal to order things and then claim non-receipt. Stop this nonsense by shipping everything using methods that give you tracking numbers and proof of delivery. All of the major shippers have an option that provides these things, and it’s worth it to use those options. Then if someone claims non-delivery, you can give us or a card-issuing bank the number to prove that your package indeed arrived.

Having this information at hand also helps you when the customer legitimately hasn’t gotten an item. You’ll be able to look up the tracking and see exactly where the package is in the shipping system. You can almost always get someone to be more patient if you can provide a detailed answer to the question of “where’s my stuff!?”

To learn more about how to prevent fraudulent chargebacks and other problems, just contact us. We’ll be glad to help you make your business go more smoothly.