OpenCart Community

I received this information from Authorize.net and wanted to know if anyone has figured out how to implement this...I have NO CLUE how to do this..

Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.

We have identified that you have this feature configured and may be relying on MD5 based transHash in transaction responses for verifying the sender is Authorize.Net.

Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key.

Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change.

I also have this question. It is quite concerning. I reached out to Authorize.net and they said it's possible it would result in errors appearing post check-out, which would likely mislead customers to think their order failed (when in fact they did get charged). Meaning they would probably try again (and get charged again). Yikes! Hoping someone has some insight on this too =)

At this point, it looks like I have to drop Authorize.net or opencart. <sigh>

Alas, I'm faced with the same issue. I've got too much time and money invested in OpenCart to ditch it, but it looks like I may have to.

I found an SIM payment extension that, among many other features, claims to provide a solution to the Authorize.net hash problem. I'll install on client approval and get back with a report.

Here it is - http://tinyurl.com/yb8qxqpy

We recently reached out to a local developer, and she explained to me that MD5 is something that shopping cart platforms across the board have been anticipating for nearly a decade. She said many of her clients received the same warning from Authorize.net, even though their shopping cart platforms were fully up to date.

Furthermore, when I contacted Authorize.net's chat support, they informed me that ALL customers received this message. In other words, many people received this warning whether or not it pertains to their site.

The developer I just spoke with encouraged me to look into whether or not OpenCart (in our case, 2.2.0.0, which is only a few years old) did prepare for MD5, and her sense was it probably already did. I'll search these forums to see if I find anything speaking to this, and report back.

I posted about this in October last year but since I mentioned it in a 2nd post, I was pointed back to my other post and told it was redundant and the call would be canceled. In typical OpenCart fashion, my face was rubbed in the redundancy but nobody had the courtesy to tell me if OpenCart was going to deal with this. There was a vague reference to Daniel and the Developers GitHub but again, no clue if this will be ignored and sites using Authorize.net will suddenly be without a payment solution.
It would be nice if anyone would give an update. I don't want to leave Authorize.net and can't leave OpenCart at this time due to the work involved.

I tried the plugin I mention in a previous post - Authorize.net SIM integration + iFrame. It's not terribly cheap ($79.99) but it works like a charm, worth every penny to me. http://tinyurl.com/yb8qxqpy

Additionally have this inquiry. It is very concerning. I connected with Authorize.net and they said it's conceivable it would result in blunders showing up post registration, which would probably misdirect clients to think their request fizzled.