Authorize.net offers many different ways to secure your online transactions. Their servers are secure as they comply with PCI security standards. So every transactions taking place on Authorize.net servers are secure. And this is the most basic reason why developers prefer SIM integration methods. But now is the era of XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery). You need to make sure your SIM integration is safe and secure from these vulnerabilities.
How Authorize.net SIM Works
- Buyer clicks on Checkout or Pay Now button/link on your website.
- Buyer is redirected to secure payment form on authorize.net server.
- Buyer enters the details like credit card number, billing details, shipping details etc.
- And submit the payment. Then a payment transaction detail is sent to your relay url (pre-defined url on your site).
- File at relay url processes the transaction details and completes the order or mark as pending. Depending upon the response received.
Whats Wrong in Here?
- If you are using custom carts like WooCommerce, Drupal Commerce or any bespoke shopping cart on your site.
- Any naughty guy who knows your relay url. Can send you the same transaction response details on relay url.
- And your site will process his order without real payments.
This could be a real naughty stuff. But not to worry about these naughty guys, we have a solution. A better solution for this issue is MD5 Hash feature.
How MD5 Hash Feature Works
- Now when you have MD5 Hash feature enabled in your Authorize.net account settings.
- Whenever a transaction detail is sent to your relay url. It will validate the authenticity of that transaction data using MD5 hash.
- Now your site can differentiate between real and fake transactions. And will be more safe place for buyers to transact online.
Setup MD5 Hash Security
- Log-in to your Authorize.net account
- In dashboard, on left panel you will see many option links.
- Open “settings” link in “Account” option.
- In Settings page, under “Security Settings” section, “General Security Settings” you will find “MD5 Hash” link. Click to open the link.
- Enter a “new hash value” and “confirm new hash value”, and submit.
- Your MD5 hash is setup now.
What value to enter in MD5 hash option?
You can enter any alpha numeric value, consider values that are secure. Use any password generator app to generate the values.
Do I need to enter MD5 hash or any string?
You need to enter simple text/string here. You need not to enter any hash value of something.
Where in my code do I use MD5 hash value?
If you are using third party carts like WooCommerce, Drupal Commerce there will be an option to set MD5 hash value. You can enter the same string here and save the settings. WooCommerce extensions like Authorize.net Plugin provides option in settings to add MD5 hash.
If you are using custom code, then refer SIM Implementation Guide on how to add MD5 Hash feature.