Authorize.Net alerted customers recently that it was phasing out MD5 based hashes. These are used for transaction response verification from Magento’s Direct Post payment method. Magento has announced a patch to address this issue. The first step is currently in effect, merchants are no longer able to configure or update their MD5 Hash settings in the Merchant Interface. On June 28, 2019, Authorize.Net will stop populating the MD5 Hash Value altogether. This will in effect make it impossible to process payments for merchants who use Authorize.Net Direct Post method in Magento.
For all Magento versions prior to Magento 2.3.1 (including Magento 1.9 and 1.14 and below) Authorize.net Direct Post was a native payment application within Magento’s platform. This payment method will no longer be valid after June 28, 2019. This could result in lost revenue and downtime for merchants.
In order to continue processing these payments, Magento has provided a solution in the form of patches which can be applied for both Magento 1.X and Magento 2.X. These patches for Magento must be applied within the code base and deployed to the merchant’s production server before June 28th to ensure continuity of service. Additionally, the merchant must generate a signature key within their authorize.net portal, and insert this into the admin configuration.
If any of this sounds technical, its because it is. The patch provided requires updating your Magento code. After the patch is applied, it is important to verify that any customizations dependent on the Authorize.net module are not impacted by the patch and appropriate configurations within the payment portal are properly tested.
Crimson Agility is well-versed in this process and has already completed the necessary changes for all their clients. If you are concerned your site might be at risk, please contact us for Magento Support through our contact form or call us directly for assistance.
For more information on this issue see the following: