Authorize.net's New TLS Requirement

*|MC:SUBJECT|*

Authorize.net's TLS 1.2 Requirement goes into effect on February 28, 2018.
If you are using Authorize.net, you most likely received an email from them regarding their new TLS 1.2 requirement.
Without getting technical, TLS 1.2 is a new encryption standard which is required by the Credit Card companies' PCI Compliance.

We at CMS have been on top of this since the beginning of last year and have updated our code and secure communication specifications to ensure uninterrupted service. We have verified that our servers as well as any applications and code meet these requirements. We have tested this numerous times using Authorize.net's "Sandbox" test environment which already enforces this new encryption standard. These tests have been done both for CMS Classic (Installed Desktop Application), CMS Cloud (Hosted Online) and CMS Online Forms Integration.

However, because CMS Classic is also installed locally on your own computer and network, it is not possible for us to test the system in your local environment. While highly unlikely, there is a small chance that your local environment (computer, windows, locally shared components) may not meet these new requirements.

It is because of this that we encourage you run a transaction during the small time window where Authorize.net will be turning on this new requirement for a few hours on January 30, 2018 between 9:00 AM and 1:00 PM Pacific Time (12:00 PM to 4:00 PM Eastern Time)*.

If you don't have a real transaction to process, you can turn on Test Mode in CMS (Program Setup > Options > Credit Cards) and run your own credit card as a test. It will not actually be charged but it will test the communication between CMS and Authorize.net on the new security protocol (TLS1.2).
Please remember to turn test mode off afterwards. When running transaction in "test mode," the authorization number will always be 000000.

Getting a successful response during these hours will give you the piece of mind that everything is ready on your end as well for the actual deadline of February 28, 2018 when TLS 1.2 will be required.

If you have any questions about this, please don't hesitate to contact CMS Tech Support.


Yisroel Pinson
Chabad Management System


P.S.
  • If you are using Splash Payments Integration and not Authorize.net, this notice does not apply to you. However, you do need to ensure you install CMS version 8.1.5 or later.
  • If you are using Splash Payments Integration in addition to Authorize.net, this email does apply to you. As well, you need to ensure to use CMS version 8.1.5 or later.
* In the email communication from Authorize.net that you may have received, a different time (Feb 8) was also mentioned. This does not apply to you as CMS uses the new Akamai-enabled API.