Magento announces the official support to MD5 based hash usage till 14th March 2019. MD5 is an older hash method used for direct post payment methods. It seems MD5 is less secured compared to SHA512 in terms of its computing power and hence the shift is made imperative.
Merchants using this MD5 based transHash element should replace the existing MD5 hash with the Signature Key (SHA512). The merchants using this configuration have already been emailed about the update.
The interface that controls the MD5 will also be removed and the transHash element will also stop returning values soon.
The two-phase removal of MD5 will have no impact on the API response. So, don’t worry!
You can check out the latest updates on the official Magento site. This news may have severe impacts on merchants who use Authorize.net Direct post methods in Magento.
Also, the official site mentions about the release of an extension to replace Direct Post starting with version v2.3.1 for commerce and Open source. The expected date of release is not out yet.
Magento open source, Magento Commerce, and Magento cloud merchants will no more be able to process payments using Authorize.Net Direct Post payment methods.
To move ahead successfully with the service, Magento has provided a patch for such merchants. Merchants only need to replace the existing MD5 hash with a Signature Key in the configuration settings.
Know more about the affected versions:
Hire Magento developer for assistance. Download and install the Magento packages based on your version. Patches are also available for a composer installed versions.
For Magento Commerce:
For Magento Cloud:
Apply the patch and deploy.
Get the new Signature Key and add it to the Magento Admin Configuration.
Follow the below-mentioned steps:
Magento 2 Authorize.Net Direct Post configuration screen
These steps will successfully update the Signature Key and the payment processing will continue. For any further changes, Elnser will keep you updated.