[ic] AuthorizeNet requre Refer URL
Paul Jordan
interchange-users@interchange.redhat.com
Mon May 20 15:12:00 2002
> Hello List,
>
> Please read below announcement. Does this affect the AuthorizeNet payment
> gateway in Interchange?
>
> Thanks,
>
> RM
>
> New Authorize.Net Security Requirement - Action Required by May 28, 2002
> Effective May 28, 2002, Authorize.Net will require all Merchants
> who connect
> to the payment gateway via WebLink or ADC Relay Response to implement a
> Referrer URL on their account.
>
> A Referrer URL is any Webpage address from which your site processes its
> Authorize.Net transactions. Authorize.Net uses Referrer URLs to
> verify that
> each transaction submitted to your payment gateway account originated from
> your Website. Here’s how it works: First, you supply
> Authorize.Net with the
> Web address (otherwise known as a URL) from which your Website submits
> transactions (e.g., “https://www.mywebsite.com/paymentform.html”). Then,
> each time a transaction is submitted to your payment gateway account,
> Authorize.Net checks the address the transaction is coming from
> against the
> addresses that you have supplied in your Merchant Interface.
> Finally, if the
> addresses don’t match, Authorize.Net rejects the transaction.
>
> This security feature is available to all Merchants at no additional cost.
> It’s convenient, easy to configure, and serves as an additional security
> measure for you. In order to continue processing transactions through your
> Authorize.Net payment gateway account, you will need to become compliant
> with this new requirement by May 28, 2002. ANY MERCHANT WHO FAILS TO MEET
> THIS REQUIREMENT WILL BE UNABLE TO PROCESS TRANSACTIONS AFTER MAY
> 28, 2002,
> UNTIL THEY ARE IN COMPLIANCE WITH THIS NEW SECURITY MEASURE.
>
> IF YOUR WEBSITE CONNECTS TO THE AUTHORIZE.NET PAYMENT GATEWAY VIA
> WEBLINK OR
> ADC RELAY RESPONSE AND YOU HAVE NOT SET A REFERRER URL ON YOUR
> ACCOUNT, ALL
> YOUR TRANSACTIONS WILL BE DECLINED AS OF MAY 28, 2002.
I don't believe in general. It refers to ADC RELAY RESPONSE, and WEBLINK.
You may, (as I am) be using ADC DIRECT RESPONSE, which if you click on the
first link in this email, it details this.
The only thing for DIRECT RESPONSE would be to add "require password" (at
AuthNet), which is not required.
However, I don't know anything about RELAY RESPONSE and Weblink, and if you
are using them with IC, the only thing you would need to figure out is what
to use as the "referer url". ICs dynamic url may pose a hurdle, but that is
the only hurdle I see.
So, first, check what method you are using.
Paul