Magento announces the official support to MD5 based hash usage till 14th March 2019. MD5 is an older hash method used for direct post payment methods. It seems MD5 is less secured compared to SHA512 in terms of its computing power and hence the shift is made imperative.

Merchants using this MD5 based transHash element should replace the existing MD5 hash with the Signature Key (SHA512). The merchants using this configuration have already been emailed about the update.

The interface that controls the MD5 will also be removed and the transHash element will also stop returning values soon.

The two-phase removal of MD5 will have no impact on the API response. So, don’t worry!

You can check out the latest updates on the official Magento site. This news may have severe impacts on merchants who use Authorize.net Direct post methods in Magento.

Also, the official site mentions about the release of an extension to replace Direct Post starting with version v2.3.1 for commerce and Open source. The expected date of release is not out yet.

Magento open source, Magento Commerce, and Magento cloud merchants will no more be able to process payments using Authorize.Net Direct Post payment methods.

To move ahead successfully with the service, Magento has provided a patch for such merchants. Merchants only need to replace the existing MD5 hash with a Signature Key in the configuration settings.

Know more about the affected versions:

• Magento Commerce 1.X.X
• Magento Open Source 1.X.X
• Magento Commerce 2.X.X
• Magento Open Source 2.X.X
• Magento Commerce (Cloud) 2.X.X
• Authorize.Net Direct Post

With just three simple steps you can continue to use the Authorize.Net Post Payment methods.

1. Apply the Patch:

Hire Magento developer for assistance. Download and install the Magento packages based on your version. Patches are also available for a composer installed versions.

For Magento Commerce:

• Go to My Account;
• Navigate to Downloads and select the Magento edition and version;
• Select Support and Security patches and then Security patches;
• Download and Install Authorize.Net direct post signature key;

 For Magento Cloud:

Apply the patch and deploy.

2. Acquire the new Signature Key:

Get the new Signature Key and add it to the Magento Admin Configuration.

• Log in the Merchant interface;
• Click on Account;
• Select Settings from the main left-side menu;
• Click on API Credentials and Keys;
• Select the Signature from the options available;
• Click Submit to go ahead;
• Request and Enter PIN verification;
• As soon as your new Signature Key is displayed, copy it to your Magento Admin configuration.

3. Update the Magento Admin Configuration;

Follow the below-mentioned steps:

• Log in the Admin interface;
• Click on Store; then under settings click configuration;
• Select Sales then Payment Methods;
• Enter the copied SHA 512 Signature Key;
• Select the Save Config option.

Magento 2 Authorize.Net Direct Post configuration screen

These steps will successfully update the Signature Key and the payment processing will continue. For any further changes, Elnser will keep you updated.

Dipak Patil

March 05, 2019