Authorize.Net API Security Certificate Upgrade

Important securitychanges (2)

Authorize.Net has been making some pretty big upgrades to the back end of their service recently, in an effort to remain as secure as ever and keep up with changing technologies. Some of these updates do require merchants to take action in order to implement them properly, though.

A prime example of this is the upcoming update to Authorize.Net’s API security certificates, which will be completed on September 21st, 2015. This is a very important change to be aware of because if your website connects to Authorize.Net via an API Login ID and Transaction Key and you do not update it to be compatible with the new security certificates by that date, then you will be unable to accept transactions until you do so. Since security certificates are very technical concepts, most merchants will need to hire a web developer in order to make sure they are set up correctly.

The below blurb is taken directly from Authorize.Net’s newsletter and includes a link to their Developer Blog, which contains even more tech-savvy terminology about this impending update:

Security Certificate Upgrades to api.authorize.net

As part of our continuous upgrades to enhance system performance and security, on September 21, 2015, we are upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.

These upgrades were already completed on secure.authorize.net in May. If your merchants’ websites or payment solutions connect to api.authorize.net and any updates are necessary to use the new certificates, please refer them to this blog post in our Developer Community, which has all of the certificate information they will need for this update. Our sandbox environment has already been updated so that merchants can validate that their solution will continue to work using SHA-2 signed certificates, prior to September 21st.

After the update is complete on September 21st, any website or payment solution that connects via api.authorize.net that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net’s servers.

As you can see from the word usage in both this short explanation and in the Developer Blog about it, this update is complex if you are not already familiar with these terms and concepts. For these reasons, we really do have to recommend getting a developer involved to make sure you are prepared to continue processing credit cards after 9/21/15.

If you or your developer have any questions regarding this update, we would be happy to answer them to the best of our knowledge or to direct you to someone who can.

Comments are closed.