In this Guide: Authorize.Net - Extended Security
Summary
It is MonsterCommerce's top priority to do everything we can to protect your business from fraudulent transaction activity so you can focus on legitimate sales. As a MonsterCommerce client, you have always been protected with the Password verification. The MonsterCommerce software has always required a password in order to send transaction information to your Authorize.Net account. Nothing is being changed within our software.
Strengthening Your Transaction Security
Password authentication, (or equivalent authentication value, i.e., transaction key or fingerprint) is critical to verifying that transactions are indeed coming directly from your site, and ensures secure access to the Merchant Interface (Payment Gateway).
To strengthen the security of your transaction processing, Authorize.Net will enable Password-Required Mode for your account on November 22, 2004.
Your actual Authorize.Net password will not be affected by this change.
Note: Customers currently using Authorize.Net with MonsterCommerce are not required to make any updates to their Online Payment Manager. However, we recommend that you take advantage of the additional security measure offered by using the Transaction Key.
What is a Transaction Key?
Figure 1.1
Note: Use Transaction Key MUST be selected
The Transaction Key is similar to a password and is used by the Payment Gateway to authenticate transactions. It is an encrypted password that will be used for the transactions to be processed from MonsterCommerce to Authorize.Net.
You may obtain a new, unique transaction key as often as you wish by supplying the secret answer to the secret question that you answered when you set up your account.
You will still use your Password to login to your Authorize.Net account.
How To Obtain a Transaction Key
Login to your Authorize.Net account - http://www.Authorize.Net
Select Settings and Profile from the left side menu
Under Security - Select Obtain Transaction Key
You will need to know the Secret Answer to the Secret Question. If you do not know this information, you will need to contact Authorize.Net, MonsterCommerce will not be able to assist with this.
There is an option to Disable Old Transaction Key, a new Key is generated by Authorize.Net. If you are using this account on other web sites other than MonsterCommerce, we advise that you DO NOT Disable the Old Transaction Key. Doing so may interrupt service.
Click Submit and the Transaction Key will be displayed.
Copy the Transaction Key. You will need to enter (or paste) the Key within the Online Payment Manager in the MonsterCommerce admin panel. (See above figure 1.1)
We recommend that you go through a "test" order on the site to ensure that the Transaction Key was entered properly.
Additional Information: Authorize.Net Fraud Detection Suite http://www.authorizenet.com/files/fdswhitepaper.pdf