invalid md5 in payeezy payment method

-- HikaShop version -- : 2.6.3
-- Joomla version -- : 3.4.8
-- Error-message(debug-mod must be tuned on) -- : An Authorize.net notification was refused because the response from the Authorize.net server was invalid. The hash received was e8ad5d5f01883f70e58ec7bd69df8c4a while the calculated hash was 7B881B49CF47F8FA0D9A1F24D3708036. Please cehck that you're set the same md5 hash key in Authorize.net and the plugin

Hi,
We are using payeezy payment gateway as a payment method, After clicking on pay now button on our website its redirecting to payeezy gateway successfully but after entering the correct credit card details it is throwing invalid notification error, and I am getting mail showing invalid md5 as I checked in authorise.net plugin I have entered the same md5 as it is in the payezzy payment page. Can you tell whats the exact problem and how can I resolve it?

The MD5 hash is generated with each transaction. It's created on the fly using the payment page id, a randomized number, the UTC time stamp, the amount, the currency code, and the Transaction Key.

When you submit a transaction to payeezy, you send the payment page id, the randomized number you are using, your timestamp, the amount, and the currency code. You also send your MD5 hash. Payeezy looks at what you sent and varies your timestamp is within 15 minutes of UTC. If it is, it takes your values and creates an MD5 hash. If the two hashes do not match, the one you created and the one Payeezy created, it rejects the transaction attempt.

What's highly unusual with your issue is that you are getting to Payeezy's secure payment form. The MD5 hash is tested BEFORE the cardholder is allowed access to the secure payment form. If the MD5 hash is incorrect, you should never get to the point you can enter a credit card number.

Could you send me a link to your website so I can look at what is being sent to Payeezy?

From HikaShop Team :
For your Website security, Never post any references on a Forum !

Hi,
I contacted the payezzy support they say payments are processing successfully , the issue is not with them....the following error I am getting in a mail from my website "An Authorize.net notification was refused because the response from the Authorize.net server was invalid. The hash received was 1ab457e7fde2c2fc8080f555a35700fa while the calculated hash was 7C184A93057458ED8B84EB25E3E2B6B6. Please cehck that you're set the same md5 hash key in Authorize.net and the plugin" . It would be helpful if you throw some light on this?

We contacted 3ds studio they said they have not developed the plugin, so what do we do now, we are not getting much help from you!!!!

In the case, it sounds like an issue with the Response key. Log into First Data, go to Payment Pages, and look at Section 9 of the payment page you are working with. Here's a screenshot of what it looks like:

richard-rottman.com/wp-content/uploads/2016/05/response_key.png

Copy that Response Key and paste it into the plugin settings. That should fix the problem.

there is no such option in the authorize plugin settings?

Hi,

Were having the same problem with our authorize.net payment plugin. We had been using AIM, but for PCI compliance we started using DPM. We get this response when we try a transaction.

"Hello,
An Authorize.net notification was refused because the response from the Authorize.net server was invalid. The hash received was F77F3EF0F683B2AC3D9AF3BE4563EA66 while the calculated hash was 727802B22281302C49D6B871383F83F7. Please cehck that you're set the same md5 hash key in Authorize.net and the plugin"

I've tried setting new MD5 Hash's, but that didn't work. I've also tried creating a new transaction key, but that didn't help either.

Do you have any idea of what we should do?

Thanks for your time,
Tim

Hi,

The purchase will succeed using AIM. When using SIM or DPM we get the same invalid notification response using the same Login ID for Authorize.net, Transaction key for Authorize.net and MD5 Hash (response key) for Authorize.net.

A transaction has never succeeded using DPM. However, we need to use DPM for PCI compliance.

Thanks,
Tim

I was able to find and fix the problem.

The MD5 hash is 32 characters long. However, it appears Authorize.net only allows up to 20 characters. I'm not sure why this is, but is you remove 12 characters from the MD5 hash, it works fine.

I've provided a link to the Authorize.net support page.

support.authorize.net/authkb/index?page=content&id=A588