If you are using Authorize.net as your Payment Gateway, you may have already received (or will receive in the coming days) and email with the subject "Authorize.net Technical Updates".
In that email, Authorize.net outline some changes they are making to their system, relating to PCI Compliancy and service uptime.
As a MemberGate owner, you shouldn't have to do anything to your site relating to these updates, as outlined below:
- Akamai SureRoute
What this means is that Authorize.net are changing how they route requests to the Gateway in order to process.
Rather than submitting the request directly to the system, they are routing them through a Cloud Service called Akamai.
The reason for doing that is that it creates multiple routes to the Gateway, rather than relying on a single route, so if one of those routes has technical issues, the requests can be re-routed and still reach the gateway, which should improve the uptime of the Gateway.
Although Authorize.net have created some new URLs which can use the Akamai SureRoute system now, the existing URLs that MemberGate submits requests too, will automatically be updated in June 2016 to take advantage of the new service, so no update should be required to the code.
- Transaction and Batch IDs
MemberGate has no dependency on the transaction IDs being sequential.
We simply store the transaction ID so we can reference the transaction in future if we need to retrieve details about it, but there is no requirement from MemberGate for the IDs to be sequential.
- RC4 Cipher Disablement
RC4 is an out-dated method of encryption, and has already been disabled on the servers.
All communication with Authorize.net is done using up-to-date ciphers.
- TLS Remediation for PCI DSS Compliancy
The servers at Hostek have already had the older SSL protocols disabled (SSL 3.0 and TLS 1.0)
Those methods of communication are NOT secure, as many of you will have read about in the news in the last couple of years, with related attacks such as POODLE and HEARTBLEED etc.
One of the main reasons for us migrating your sites over to Hostek, was that we could run the sites on updated software, which supported the updated SSL protocols.
The servers are running on ColdFusion 11, which is the latest version of ColdFusion, and already support TLS 1.2 communication.
With the older SSL protocols already disabled, the servers will already be communicating with Authorize.net using the latest protocol, so Authorize.net disabling TLS 1.0 (and 1.1) should not impact the functionality of your site.