Support

Home Forums Event Espresso Premium Authorize.net technical update

Authorize.net technical update

Posted: February 22, 2016 at 1:31 pm


Dean

February 22, 2016 at 1:31 pm

Auth.net recently sent a “technical update” email to it’s merchants. Will this have any impact on the Auth.net payment method in either EE3 or EE4?

Thanks,

Greg

Transaction and Batch ID Reminder
In the coming months, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order.

For example, currently, if you receive a Transaction ID of “1000,” you could expect that the next Transaction ID would not be less than 1000. However, after the updates, it will be possible to receive a Transaction ID less than the one previously received.

If your system has any functionality that expects Authorize.Net-generated IDs to be sequential, please update it immediately so that you will not see any disruptions.

Additionally, please make sure that your solution does not restrict any Authorize.Net ID field to 10 characters. If you are required to define a character limit when storing any of our IDs, the limit should be no less than 20 characters.
RC4 Cipher Disablement
In an effort to ensure that all of your server-to-server communications with the Authorize.Net platform (both transactional and otherwise) maintain the highest levels of security, we will be disabling the RC4 cipher suite during the first half of 2016. A follow-up notification will be sent out once specific dates for the disablement are ready for the sandbox and production environments.

For now, if you have a solution that relies on RC4 to communicate with our servers, please update it to a current, high-security cipher as soon as possible. Please review our API best practices blog post for more information.
TLS Remediation for PCI DSS Compliance
As you may already be aware, new PCI DSS requirements state that all payment systems must disable TLS 1.0 by 2018. Though we are still finalizing our plans for remediating TLS 1.0 in both sandbox and production, we will be disabling TLS 1.0 in sandbox and production in early 2017. This is to ensure that we are compliant ahead of the PCI date.

In addition, we are discussing the possibility of disabling TLS 1.1 at the same time, because while it is not expressly forbidden, there are enough concerns surrounding it. TLS 1.2 is currently the strongest available protocol, and we strongly urge all merchants and developer partners to use it for their API integrations.

For more information, including updates to the dates we anticipate disabling TLS in each environment, please refer to our previous blog post.


Josh

  • Support Staff

February 22, 2016 at 1:54 pm

Those do not affect Event Espresso, but since Authorize.net’s disabling of TLS1.0 and maybe TLS1.1 might affect your server setup, you should contact your host to make sure that the servers running your website use TLS 1.2.


Dean

February 22, 2016 at 1:58 pm

Thanks for the quick response, Josh!


Josh

  • Support Staff

February 22, 2016 at 2:45 pm

You’re welcome.

The support post ‘Authorize.net technical update’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.

Support forum for Event Espresso 3 and Event Espresso 4.
Documentation for EE3 and EE4
Documentation for Event Espresso 3

Documentation for Event Espresso 4

Status: closed

Updated by  Josh 3 years, 7 months ago ago

Topic Tags

Tagged: 

Notifications

This topic is: not resolved
Do NOT follow this link or you will be banned from the site!